This folder contains a proof-of-concept for a cross-site scripting vulnerability found in a banking application. The details are archived in XSS_BOA.zip. The finding was part of broader research into how reflected XSS could be combined with browser-level bugs — the XSS entry point in the application served as the injection surface, while browser quirks could amplify the impact.
The specifics of the vulnerable parameter and application endpoint are kept deliberately vague here, as the vulnerability was reported and addressed through proper disclosure channels at the time.
Found during my years at Microsoft (2006–2014). These bugs were patched long ago — shared here as a historical record for learning purposes.