Valid XSS Vulnerabilities Rejected
Posted: Mon Jan 29, 2024 1:52 pm
Hello admin,
I have reported valid XSS vulnerabilities along with the XSS URL for 2 programs but they were rejected owing to the reason that it wasnt reproducible even though I have tested the XSS URL on multiple browsers and I got the popup displaying OPENBUGBOUNTY all the time.
I also have videos and screenshots as proof of concepts for the same that those are indeed valid XSS vulnerabilities and in the report I also metnioned in detail how the payload was constructed to form the vulnerable XSS URL and get the popup alert displaying 'OPENBUGBOUNTY' or document.cookie or document.domain for that particular domain that i had submitted and reported. Please look into these. They arent false vulnerabilities and are legit and valid XSS vulnerabilities where you paste the URL into the browser and you get popup alert. Thanking you
I have reported valid XSS vulnerabilities along with the XSS URL for 2 programs but they were rejected owing to the reason that it wasnt reproducible even though I have tested the XSS URL on multiple browsers and I got the popup displaying OPENBUGBOUNTY all the time.
I also have videos and screenshots as proof of concepts for the same that those are indeed valid XSS vulnerabilities and in the report I also metnioned in detail how the payload was constructed to form the vulnerable XSS URL and get the popup alert displaying 'OPENBUGBOUNTY' or document.cookie or document.domain for that particular domain that i had submitted and reported. Please look into these. They arent false vulnerabilities and are legit and valid XSS vulnerabilities where you paste the URL into the browser and you get popup alert. Thanking you