In this page, I'll link findings I never got around to write a full blog about.
CVE-2019-14809 - Hostname spoofing via crafted URLs
SameTime, MSN Messenger, Yahoo Messenger
Slides from the presentation I gave at OWASP 2015
Chrome XSS Auditor
Bypass through HTTP Parameter Pollution (2012)