Blind XSS on Twitter's internal Jira panel at ████ allows exfiltration of hackers' reports and other sensitive data
Critical
X
X (Formerly Twitter)
Team Summary
Official summary from X (Formerly Twitter)
The researcher demonstrated a vulnerability in Twitter's Jira instance where user-supplied information was handled in an improper manner, rendering the application vulnerable to blind XSS. By crafting a bug report and sending it to Twitter, it was possible to locate this proof-of-concept code within Twitter's Jira instance, such that, upon viewing by an employee, the researcher's proof-of-concept code would execute. This vulnerability allowed the researcher to obtain information about internal reports stored within Twitter's internal Jira instance.
Reported by
iambouali
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Cross-site Scripting (XSS) - Stored