Results of my experiment reporting an Amazon XSS via Open Bug Bounty:

· Reported on 2021-03-08
· Automatically disclosed on 2021-06-06, still unpatched
· Actually fixed at some point before 2021-09-17

No idea whether Amazon even received the original report. Maybe they only noticed because someone started exploiting this vulnerability. So: no, not sure whether I want to do this again.
