|
|
|
|
|
|
by cwkoss
2493 days ago
|
|
|
Waited a couple weeks. It was pretty low hanging fruit. I was going through an XSS tutorial and used their site for practice. `<script>alert(1)` could be saved into several user fields including Name and would then be executed on every subsequent pageload around the site. If there was some indication that someone had reported it recently I maybe would have waited longer, but I suspect this bug had been known for months. |
|
|