This presentation goes over the details of a responsible disclosure process, which took place between November 2023 and July 2024.
Throughout this period, I reported a series of vulnerabilities & misconfigurations in Google's Architecture Diagramming Tool.
The severity of the disclosed shortcomings & potential customer impact resulted in said service getting quarantined indefinitely 🚧
https://jdomeracki.egnyte.com/dl/0pi2M64IBE/xss_poc_22_11_2023.mov_
https://jdomeracki.egnyte.com/dl/f9FQOTDhZs/vulnerable_gcs_handler_poc.mov_