Zendesk: a stored XSS in web widget chat

2016-12-22T19:18:55
ID H1:193462
Type hackerone
Reporter securitythinker
Modified 2017-03-18T16:06:15

Description

The researcher found a stored XSS vulnerability where an end-user was able to execute arbitrary JavaScript against the Zendesk agent via the chat integration.

The researcher participated in the Zendesk 2016 holiday promotion and was awarded the Zendesk promotional bounty.