Jeremy Buis

Security engineer who breaks things for a living.

Bug Bounty

• Stored XSS in TSVB Visualizations Markdown Panel

Writing

• Exploiting Less.js to Achieve RCE
• Elementor Page Builder 2.9.8 Stored XSS
• Jetbrains TeamCity Reflected XSS
• ImageMagick RCE Take 2

Open Source

• Contributor to PayloadsAllTheThings (76k+ ⭐) — Less.js RCE payloads

CVEs

• CVE-2020-13864, CVE-2020-13865, Stored XSS in Elementor
• CVE-2020-7015, Stored XSS in Kibana TSVB
• CVE-2019-15848 Reflected XSS in JetBrains Teamcity
• CVE-2018-2625, XXE in Oracle Weblogic

Coding

• Durian a vulnerable JavaScript server