How safe is your tax rebate e-invoice app? Learn how to protect yourself.

More and more apps are available in Google Play Store allowing to manage your invoices. Some apps are focused on small businesses in order to make quotes or invoices for clients, but other apps are also targeting individuals. For instance in Portugal, the government is encouraging people to ask for...

Stored XSS in olx.pt

Our team leader found a stored XSS in olx.pt. When submiting a new ad, it was possible to add a XSS payload on data[person]. The ad got approved without reflection on the output of this field, it was sanitized. Afterwards when we try to edit the ad, the payload was launched, so the input wasn't sani...