Konstantin<p>Change the scope a little, and you might miss the attack that matters most! Just five minutes of screen sharing made me find an unauthenticated XSS in <a href="https://infosec.exchange/tags/Weblication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Weblication</span></a>'s admin panel.</p><p>Many pentesters would have missed this vulnerability. And it's not for lack of skill, but because of how projects are scoped. 🧵</p><p><a href="https://infosec.exchange/tags/Hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hacking</span></a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/Scoping" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Scoping</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppSec</span></a> <a href="https://infosec.exchange/tags/CVE_2025_52161" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE_2025_52161</span></a></p>