Blind stored XSS in demo form
High
Upserve
Team Summary
Official summary from Upserve
Through Upserve's demo request form, @paresh_parmar found a blind XSS in a 3rd party package for Upserve's CRM system. While the CRM system and 3rd party package are out of scope for our program, we decided to reward @paresh_parmar for his work in bringing this issue to our attention.
Reported by: paresh_parmar
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Bounty: $500.00
Weakness: Cross-site Scripting (XSS) - Stored