|
|
|
|
|
|
by tptacek
2114 days ago
|
|
|
XSS? Outside of a social network, where it can propagate itself? For a non-FAANG-scale company? Probably between $250 and $500, if it's a clean and effective XSS. Less if you have to interact with an obscure feature of the application. |
|
|
Interesting to hear,
Makes me think that there is not any big marked for exploits targeting smaller companies. Maybe such exploits (for smaller products) would be useful primarily for spear phishing? and not bring in so much money if sold, & hard to find a buyer?
Still, if the note taking app was sth well known like Ev*rnote, I wish they'd pay more. (No idea if it was.)