Bug Bountyのwrite upなどでも実例が見られる(下部のURL参照) • 悪用できるかは状況次第で、少しわかりにくい https://medium.com/@Nightbloodz/the-power-of-client-side-path-traversal-how-i-found-and-escalated-2-bugs-through-670338afc90f The power of Client-Side Path Traversal: How I found and escalated 2 bugs through “../” by Alvaro Balada
to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://trusted.test') does not match the recipient window's origin ('https://attacker.test'). PM