Stored XSS on support.rockstargames.com

Medium
Rockstar Games

Team Summary

Official summary from Rockstar Games

In this report, the researcher was able to demonstrate a proof-of-concept exploit for a Stored XSS vulnerability on our Support site at support.rockstargames.com. The POC consisted of two parts: the setup and the trigger. The setup required entering a particular XSS payload in the Title for a new Support Community thread. It is important to note that Titles of threads are stored and referenced for later Title suggestions. The trigger would be when another user came along and attempted to create a new Support thread with a similar title; this is because the system would search for similar titles to suggest to the victim, and when it found our previously entered malicious Title, the script in the Title would be executed. We have since patched this vulnerability, though it is worth pointing out to anyone looking to find bypasses for this solution that there is still one of the original POCs for this vulnerability lurking about that we were unable to remove. If you stumble across this, 1) do not be alarmed, and 2) do not submit it to us as a bug bounty report. It is not proof of a new vulnerability. It should be cleaned up shortly. Thank you!

Reported by 0x0luke
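
The setup-and-trigger flow described in the summary, as an added example that is not code from the report or from Rockstar Games: a title-suggestion renderer that concatenates stored titles into markup, next to one that encodes them at output time. The page does not describe the real implementation or the actual fix, so the similarity search, function names and sample titles are all assumptions constructed for illustration.

```javascript
// Constructed sample data: thread titles as stored by a hypothetical community backend.
const storedTitles = [
  "Cannot log in after update",
  'Cannot log in <img src=x onerror="alert(1)">', // constructed title carrying markup
  "Refund request for duplicate purchase",
];

// Hypothetical similarity search: titles sharing a word (longer than 3 chars) with the draft.
function findSimilarTitles(draft, titles) {
  const words = draft.toLowerCase().split(/\W+/).filter((w) => w.length > 3);
  return titles.filter((t) => words.some((w) => t.toLowerCase().includes(w)));
}

// Encode the five characters that are significant in HTML text and attribute contexts.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: another user's stored title reaches the victim's page unchanged.
function renderSuggestionsUnsafe(titles) {
  return "<ul>" + titles.map((t) => "<li>" + t + "</li>").join("") + "</ul>";
}

// Hardened pattern: every stored title is encoded when it is written into markup.
function renderSuggestionsSafe(titles) {
  return "<ul>" + titles.map((t) => "<li>" + escapeHtml(t) + "</li>").join("") + "</ul>";
}

// Simulate the victim typing a draft title that resembles the stored ones.
function demo(draft) {
  const matches = findSimilarTitles(draft, storedTitles);
  return {
    matches,
    unsafe: renderSuggestionsUnsafe(matches),
    safe: renderSuggestionsSafe(matches),
  };
}

console.log(demo("cannot log in"));
```

Encoding at output time also neutralises titles that were stored before any input filter existed, which matters here because the summary notes that an original POC title remained in the data after the patch.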

Report Details

Additional information and metadata

State: Closed

Substate: Resolved

Bounty: $1000.00

Weakness: Cross-site Scripting (XSS) - Stored