diff --git a/content/docs/client-side/csp.md b/content/docs/client-side/csp.md index b46ecc1..d6045f7 100644 --- a/content/docs/client-side/csp.md +++ b/content/docs/client-side/csp.md @@ -99,4 +99,5 @@ i.Event.prototype.flags="-alert(location.href)" ``` **References:** -- [Arbitrary Parentheses-less XSS against strict CSP policies](https://terjanq.medium.com/arbitrary-parentheses-less-xss-e4a1cf37c13d) \ No newline at end of file +- [Arbitrary Parentheses-less XSS against strict CSP policies](https://terjanq.medium.com/arbitrary-parentheses-less-xss-e4a1cf37c13d) +- [XSS with CSP bypass leads to diagrams backdoor in jgraph/drawio](https://huntr.com/bounties/4c1c5db5-210f-4d7e-8380-b95f88fdb78d) \ No newline at end of file
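Review bot: the new last line of the References list (the huntr.com link) is still followed by "\ No newline at end of file", so the file again ends without a trailing newline. That is why this one-reference addition also shows the existing terjanq.medium.com entry as removed and re-added. End the file with a newline so the next appended reference produces a single-line diff. The added entry also carries only a title and URL. If it documents the technique shown in the code block just above the list, a few words after the link saying so would tell readers why it is listed here.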