Web Cache Poisoning 11

• DOM XSS via an alternative prototype pollution vector 04/04/2026
• DOM XSS via client-side prototype pollution 04/04/2026
• Web cache poisoning via a fat GET request 26/01/2026
• Parameter cloaking 25/01/2026
• URL normalization 24/01/2026
• Web cache poisoning via an unkeyed query parameter 24/01/2026
• Web cache poisoning via an unkeyed query string 12/08/2025
• Targeted web cache poisoning using an unknown header 12/08/2025
• Web cache poisoning with multiple headers 12/08/2025
• Web cache poisoning with an unkeyed cookie 12/08/2025
• Web cache poisoning with an unkeyed header 12/08/2025