1° i have the report 699380 that is stucked in pending sub from a month, maybe is not a duplicate?
2° I think if we are able to spawn an xss, the position and the way in which we obtain the vulnerability is not very important.
so I'm wondering why to reject xss over sql errors:
sure if there was not the sqli there would be no xss in thew same way, but if there was not html injection probably there would no be xss. the correct sanitization is however lacking in the web application.
So why refuse them?
Questions
Re: Questions
we already have reports fot this vulnerability https://www.openbugbounty.org/reports/685264/
Who is online
Users browsing this forum: No registered users and 2 guests