Why would YOU see a mystery XSS exploit on a social network? The idea of the DoD scoring these little exploits in a box is usually to deploy in a highly controlled and specific manner. You as a layperson is of no interest to them unless you are some kind of intelligence asset or foreign adversary

▲

MajesticHobo2 16 hours ago | parent [-]

Wouldn't platforms see the supposed XSS payloads in their logs and publish analyses of them, or at the very least, announce that they happened?

▲

rvnx 14 hours ago | parent [-]

Seems like none of these major websites detected anything, and they are supposed to be top-notch in the world.

It's only because the researcher contacted them.

▲

tptacek 14 hours ago | parent [-]

Also because nobody actively exploited them! You're using the word "detected" to mean "discovered", which nobody working in the field would ever do.

	▲	rvnx 13 hours ago \| parent [-]
		detected: WAF caught or detected the attack and raised an alert, post-exploitation discovered: they audited or pentested themself and found out, preemptively I just mean that Coinbase didn’t see anything happening and didn’t take action though the boy successfully exploited the vulnerability on their live system.