Friday May 30, 2025 3:30pm - 4:15pm CEST
What began as a simple WAF bypass challenge on a single website turned into the discovery of a vulnerability affecting thousands of organizations. Join us in the journey of how an accessibility plugin, mandated by regulation, became the perfect vehicle for a widespread XSS vulnerability. We’ll explore the real-world impact of compromised sensitive systems, from government and military to healthcare and finance, showing how a single regulatory requirement led to an ecosystem-wide security breach.

We’ll also analyze the plugin’s source code to understand how and why this XSS vulnerability occurs, along with a behavior analysis that suggests the plugin may also be tracking users without consent, indicating potential malicious intent. Additionally, we’ll share the methodology and tools used to uncover and validate these vulnerabilities at scale.
Speakers

Eilon Cohen

Security Analyst, Checkmarx Research
That kid who took apart all his toys to see how they worked. Currently breaking (and fixing) things in the Research group at Checkmarx. Education spans from Mechanical Engineering and Robotics to Computer Science, but self-made security personnel. Ex-IBM as a security engineer...

Ori Ron

Senior AppSec Researcher, Checkmarx
Ori Ron is a Senior Application Security Researcher at Checkmarx with over 8 years of experience. He works to find and help fix security vulnerabilities and enjoys sharing security knowledge through talks and write-ups. linkedin.com/in/ori-ron-40099912b/ checkmarx.com/author/or...
Room 113