Alliance of American Football: Stored XSS in address field in billing activity at https://shop.aaf.com/Order/step1/index.cfm
Dear Team,

Summary: add summary of the vulnerability

After looking into https://shop.aaf.com/Order/step1/index.cfm, I got to know that the address field is vulnerable to stored XSS, which can lead to stealing any user's cookie and can lead to complete account takeover.

Description: add more detail...