These are some of my duplicate vulnerabilities found. I just thought of sharing with you. Recently I found two POST XSS in CloudFlare and unfortunately I was not the first to report.
I found the first issue in the “Confirm Key Generator” dialog box.
Let’s have a closer look at the URL.
It seems like an XMLHttpRequest object is used in the server side it accept our POST request. (more…)