Reporter David Tapia
Mi name is David Tapia. I would like to disclose an XSS vulnerability in
images.samsung.com. I tried to warn them two months ago using their bug
bounty program, but they answered me saying that it is only available for
their Smart TVs . I totally agree with them but they could have fixed it
since this happened almost 3 months ago.
The same vulnerability could be exploited in a domain of Adobe Scene 7, but
they already have fixed it (without giving me any Security Acknowledgment).
Here is the proof of concept: