In April 2013 I completed a survey of Windows Store apps and identified twenty that had exploitable security issues. The findings covered a range of vulnerability classes common to the WinJS app platform — unsafe DOM manipulation, use of execUnsafeLocalFunction, failure to sanitize web content loaded into webview controls, and similar issues. The detailed writeup was shared with the platform security team and the individual app teams for remediation.
Found during my years at Microsoft (2006–2014). These bugs were patched long ago — shared here as a historical record for learning purposes.