scope: Add Self-XSS example to soc-eng attacks (#97)

decred · May 11, 2023 · 6501f25 · 6501f25
1 parent ea41dc2
commit 6501f25
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/src/content/scope/index.md b/src/content/scope/index.md
@@ -52,7 +52,9 @@ atomicswap only the Bitcoin, Decred and Litecoin versions of the tools are in sc
 - Missing security best practices that do not directly lead to a vulnerability.
 - Insecure settings in non-sensitive cookies.
 - Vulnerabilities (including XSS) that affect only legacy browser/plugins.
-- Non-technical attacks such as social engineering, phishing, or physical attacks against our members, users, or infrastructure.
+- Non-technical attacks such as social engineering, phishing, or physical
+  attacks against our members, users, or infrastructure. This includes attacks
+  such as [Self-XSS](https://en.wikipedia.org/wiki/Self-XSS).
 - Missing HTTP headers, unless a vulnerability can be demonstrated.
 - Bugs requiring exceedingly unlikely user interaction.
 - Outdated software/library versions.