Augmenting Web attacks with Cache Poisoning

There is a category of web vulnerabilities that security folks usually consider non-issues.

Such vulnerabilities include

By themselves such vulnerabilities are benign at best, and the attack scenarios usually involve social engineering. So how can they be made more impactful? This is where cache poisoning comes into play.

For a demonstration let's look at web.archive.org. It is a sandboxed domain: all kinds of content from the Web is stored there, and script execution is allowed by default, because archived pages are replayed together with their JavaScript. However, since that code runs only within the attacker's own scope (the archived snapshot of the attacker's page), not much can be achieved there.

But what if an attacker could poison other parts of the sandboxed domain, outside of that scope?

For a demonstration click on the following link:

https://web.archive.org/web/20240220190618id_/https://gamepadgames.com/poc/#urls=https://web.archive.org/web/*/bbc.com&service=https://web.archive.org/web/20230413215333id_?/https://gamepadgames.com/serviceworker.js

Now visit

https://archive.org

and try searching for cnn.com, bbc.com or google.com

What happened here is that the browser cache was poisoned outside of the attacker's scope: the script running in the attacker's archived snapshot planted content that the browser then serves for other web.archive.org URLs, such as the Wayback Machine pages for the sites you just searched for. That turns benign code execution in a sandboxed domain into a rather serious attack: a victim who merely opened one archived page keeps receiving attacker-controlled content for those URLs on later visits.

P.S. While there please don't forget to make a donation to archive.org - they are doing much needed work.