- Published on
Bypassing DOMPurify's sanitization using namespace confusion in MathML to achieve XSS on the challenge web application. This involved analyzing obfuscated JavaScript, reversing URL parameter handling, and leveraging a known DOMPurify bypass to successfully trigger the exploit.