ThisData: STORED XSS FOUND

2016-05-05T09:00:59
ID H1:136396
Type hackerone
Reporter dirtycoder
Modified 2016-05-06T04:59:27

Description

dirtycoder found an XSS vulnerability which could be executed if a user updated their name or email address to a malicious value. The scope of that XSS would be contained to their account. This was reported at 9PM Thursday NZST, and fixed by 3PM Friday the next day.

I, and ThisData, am super grateful to dirtycoder for their clear and concise write-up of this serious issue, and their quick and helpful responses during the incident response.

Thanks for helping to keep ThisData safe!