Skip to content
~$0xManticore
CertificationsResearchWrite-upsContact
resume.pdf
CertificationsResearchWrite-upsContactresume.pdf

ls ~/writeups

Write-ups

Findings and methodology at an educational level. Proof-of-concept is sanitized or left out. Dates reflect when the work was done.

  • Jun 3, 2026·2 min read

    A reflected XSS in Cisco Webex Meetings, and what a clean disclosure looks like

    Notes on reporting CVE-2026-20233, an unauthenticated reflected cross-site scripting issue in the Webex Meetings web interface, and the process that turned it into a fixed product and a named credit.

    • web
    • xss
    • disclosure
  • May 22, 2026·2 min read

    Unauthenticated SSRF in WordPress plugins, and the callback pattern that keeps producing it

    A field note on the class of bug behind CVE-2026-7798 in FluentCRM. When a plugin fetches a URL supplied in an unauthenticated request, an allowlist is not optional. Educational only, no weaponization.

    • wordpress
    • ssrf
    • methodology

No write-ups with that tag yet.

0xManticore Saleh Elsayed

Senior Cybersecurity Consultant.

HackerOneGitHubLinkedInHack The BoxXEmail

© 2026 Saleh Elsayed