Zendesk: a stored XSS in web widget chat

ID H1:193462
Type hackerone
Reporter securitythinker
Modified 2017-03-18T16:06:15


The researcher found a stored XSS vulnerability that allowed an end-user to execute arbitrary JavaScript against the Zendesk agent via the chat integration.

The researcher participated in the Zendesk 2016 holiday promotion and was awarded the Zendesk promotional bounty.