Microsoft Subdomain XSS Report — Published

2 min readJun 21, 2024


I’m excited to announce the release of a comprehensive report detailing an XSS vulnerability discovered on the Microsoft subdomain This report showcases the power and precision of my #IBRAHIMXSS Tool, which has proven to be an indispensable asset in the field of cybersecurity.

The Discovery

During a routine scan using the #IBRAHIMXSS Tool, a critical XSS vulnerability was identified on the aforementioned Microsoft subdomain. This vulnerability, if left unpatched, could potentially be exploited by malicious actors to execute arbitrary scripts within the context of the user’s browser. Such exploits can lead to various malicious activities, including stealing cookies, session hijacking, and more.

How #IBRAHIMXSS Tool Made a Difference

What sets the #IBRAHIMXSS Tool apart is its unparalleled efficiency and accuracy. With over 2500 encoded payloads tested in a mere 15 seconds, the tool ensures zero false positives, providing precise and actionable results. This discovery exemplifies the tool’s unique innovation and flexible detection modes, which cater to both POST and GET requests, DOM-based XSS, JSON web apps and PATH-based XSS.

Access the Report

I am sharing this detailed report to help others learn from this finding and understand how the #IBRAHIMXSS Tool operates. The report is available for anyone interested in cybersecurity, offering insights into the methods and payloads used to uncover the vulnerability. By examining this report, you can gain a deeper understanding of how to identify and mitigate similar vulnerabilities in other web applications.

Reporting to Microsoft

On April 26, 2024, I reported this vulnerability to Microsoft. They acknowledged the issue and placed a fix on June 13, 2024. However, despite their efforts, the patch did not cover all XSS vulnerabilities across all four affected domains.


The identification of the XSS vulnerability on a Microsoft domain underscores the importance of robust security measures and continuous monitoring. With tools like #IBRAHIMXSS, security professionals can stay ahead of potential threats and ensure the safety of their digital environments.

Stay tuned for more findings and insights as we continue to push the boundaries of web application security. To access the full report and learn more about the #IBRAHIMXSS Tool, visit this LINK




Deploying an alert box in a web app is like having a tiny pop-up comedian shout 'Surprise!' whenever you least expect it!