Stored XSS templates -> 'call for action' feature
High
Mixmax
Reported by: r0h17
Vulnerability Details
Technical details and impact analysis
Hi Jeff,
Reporting the Stored XSS in the template section on the 'call for action' button. (Already discussed in mail)
1] Login to Mixmax and navigate to template section
2] Click on enhance and select call for action button
3] Enter anything in button text and in URL enter XSS payload (blocked:alert(document.cookie))
4] Insert the button and click it to execute XSS.
Impact: XSS can be stored in a template, and when a Team manager/admin uses that template and clicks the button, our XSS executes.
Thank you
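The button URL in step 3 is stored as entered and runs as script when the button is clicked. As an added example (not Mixmax's code and not part of the report), the check below parses the submitted URL and allows only an explicit set of schemes before the button is saved or rendered. The function names `sanitizeCtaUrl` and `renderCtaButton`, the allowed schemes, and the length limit are assumptions.

```javascript
// Added example; sanitizeCtaUrl and renderCtaButton are hypothetical names.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);

// Return a normalized absolute URL that is safe for href, or null to reject.
function sanitizeCtaUrl(raw) {
  if (typeof raw !== "string" || raw.length > 2048) return null;
  let parsed;
  try {
    // The WHATWG parser trims leading control characters and spaces, drops
    // tabs and newlines, and lowercases the scheme, matching what a browser
    // does on click. A plain string-prefix test sees none of that.
    parsed = new URL(raw);
  } catch {
    return null; // relative or malformed input: require an absolute URL
  }
  return ALLOWED_SCHEMES.has(parsed.protocol) ? parsed.href : null;
}

function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Build the button markup; returns null when the URL is rejected so the
// caller can refuse to save the template.
function renderCtaButton(text, url) {
  const safeUrl = sanitizeCtaUrl(url);
  if (safeUrl === null) return null;
  return `<a href="${escapeHtml(safeUrl)}" rel="noopener noreferrer">${escapeHtml(text)}</a>`;
}

// Constructed sample inputs, not taken from the report.
const samples = [
  "https://example.com/signup",
  "mailto:sales@example.com",
  "javascript:alert(1)",
  " JaVaScRiPt:alert(1)",
  "java\tscript:alert(1)",
  "data:text/html,hello",
  "example.com/signup",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", sanitizeCtaUrl(s));
}
```

Run the check when the template is saved and again when it is rendered, so templates stored before the check existed are covered too.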
Report Details
Additional information and metadata
State: Closed
Substate: Resolved