a stored xss in web widget chat
High
Z
Zendesk
Submitted None
Team Summary
Official summary from Zendesk
The researcher found a stored XSS vulnerability where an end-user was able to execute arbitrary Javascript against the Zendesk agent via the chat integration. The researcher participated in the Zendesk 2016 holiday promotion and was awarded the Zendesk promotional bounty.
Actions:
Reported by
securitythinker
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-site Scripting (XSS) - Generic