News

A remote prompt injection flaw in GitLab Duo allowed attackers to steal private source code and inject malicious HTML. GitLab has since patched the issue.
Comcast and other ISPs “experimenting” with data caps inject JavaScript code into their customers’ data streams in order to display overlays on Web pages that inform them of data cap thresholds.
Many apps sneak data trackers onto websites you visit through their in-app browser using a method called JavaScript injection, which adds extra code to a page as it loads.
Mozilla rolled out protection measures to block code injection attacks in the Firefox web browser, with the attack surface being reduced by removing eval()-like functions and inline scripts ...
“With any in-app redirect-logic/open redirect, HTML or JavaScript injection, it’s possible to execute arbitrary code within Slack desktop apps,” wrote a bug-hunter going by the handle ...
To clarify, no claims were made as to the discovery of the JavaScript injection as this is not confidential but rather to the disclosure of intellectual property source code.