Ashar Javed

Ashar Javed works on penetration testing, source code review and mobile application vulnerability assessments at Hyundai AutoEver Europe GmbH. He has spent three years as a security researcher for Ruhr-Universität Bochum, Germany. Ashar holds a PhD degree from Ruhr-Universität Bochum and MSc from Technische Universität Hamburg-Harburg, Germany. His research interests include web application vulnerabilities and in particular Cross-Site Scripting.

Ashar delivered talks at main security events like Black Hat Europe 2014, HITB KL 2013, OWASP Spain (2014, 2015 & 2016), SAP Product Security Conference 2015, International PHP Conference 2015, ISACA Ireland 2014, RSA Europe (OWASP Seminar) 2013, DeepSec, Austria (2013, 2014, 2015 and 2018), and GISEC, Dubai 2016. In his free time, he likes to participate in bug bounty programs. Recently, Microsoft has recognised Ashar as No. 1 security researcher in Microsoft’s Security Response Center (#MSRC) Top 100 security researchers list of 2018. He blogs at “Respect XSS” and tweets at @soaj1664ashar.




CVEs Disclosed by Ashar Javed

09/11 CVE-2020-16858

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a...

5.4 MEDIUM
09/11 CVE-2020-16859

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a...

5.4 MEDIUM
09/11 CVE-2020-16860

A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly...

8.8 HIGH
08/17 CVE-2020-1591

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a...

5.4 MEDIUM
04/15 CVE-2020-1050

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a...

6.1 MEDIUM
04/15 CVE-2020-1049

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a...

5.4 MEDIUM
01/14 CVE-2020-0656

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a...

5.4 MEDIUM
11/04 CVE-2020-1328

CVE-2020-1328 is reserved and pending public disclosure since Nov 4, 2019. When the official advisory for CVE-2020-1328...

11/04 CVE-2020-1221

CVE-2020-1221 is reserved and pending public disclosure since Nov 4, 2019. When the official advisory for CVE-2020-1221...

10/10 CVE-2019-1330

An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege...

6.5 MEDIUM

This page is open source. Noticed a typo? Or something missing?

Improve this page