Question 1

How can I use uxss-db to find vulnerabilities for a specific browser version?

Accepted Answer

Browse the browser-specific sections (WebKit, Chromium, IE/Edge) in the README tables, which list CVEs with version information and dates, allowing you to filter and identify relevant exploits for targeted research.

Question 2

What's the difference between UXSS and regular XSS?

Accepted Answer

UXSS (Universal XSS) exploits browser or plugin vulnerabilities to bypass the Same-Origin Policy, enabling attacks across different domains, while regular XSS targets flaws in specific web applications. uxss-db focuses on these browser-level issues with curated examples.

Question 3

How to extract data from js-vuln-db using the scripts in uxss-db?

Accepted Answer

Run the provided bash scripts, such as `bash ./scripts/js-vuln-db-to-format.sh html`, to convert vulnerability data into HTML or JS formats. This automates data extraction for easier analysis and integration into other tools.

Question 4

Is uxss-db updated regularly with new vulnerabilities?

Accepted Answer

The README doesn't specify an update frequency; it appears to be a static collection based on its last commit. Check the repository's commit history or the TODO section for recent additions, but supplement with current sources for up-to-date info.

Question 5

How does uxss-db compare to OWASP resources for web security?

Accepted Answer

uxss-db is specialized in browser-specific UXSS vulnerabilities with technical details and PoCs, while OWASP focuses on broader web application risks like injection or broken authentication. They complement each other for different aspects of security research.

Question 6

How to contribute missing vulnerabilities to uxss-db?

Accepted Answer

Review the TODO section in the README for known gaps, then submit pull requests with new CVEs, proof-of-concepts, or research links. The project welcomes community contributions to expand its database and resources.

Question 7

Can uxss-db be used for bug bounty hunting effectively?

Accepted Answer

Yes, it provides historical UXSS vulnerabilities and research materials to understand browser flaws, helping hunters identify similar patterns or bypasses. However, combine it with active testing tools and up-to-date bug trackers for current targets.

uxss-db

What is uxss-db?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions