6 matches found
DigitalSellz: Public profile is vulnerable to stored XSS / Facebook Token can be stolen
@robinlinus bypassed our XSS protection system. This vulnerability has been fixed...
DigitalSellz: Access to Amazon S3 bucket
@sameoldstory discovered a vulnerability that allows a user to gain access to S3. This vulnerability has been fixed...
DigitalSellz: The product/status method CSRF
When we use the "on/off" buttons to set the products to be shown on the products page, a POST request to https://www.digitalsellz.com/product/status is sent with only the product id as a parameter and no other security tokens. So the idea is to make my rival visit a web page with a code like this:...
DigitalSellz: Own downloading link isn't properly checked in the email template
Thank you for your submission to Digitalsellz Bug program...
DigitalSellz: USER Account is not being deleted after user "Delete Account" from DASHBOARD
Hello, there is an option on the DigitalSellz USER DASHBOARD called "Delete Account" https://www.digitalsellz.com/user//profile I tried to use this feature; I deleted my account with two simple clicks. Then I visited my Public Profile link https://www.digitalsellz.com/publicprofile/PROFILE ID or...
DigitalSellz: Verbose SQL error messages
When an SQL error occurs, a verbose error is displayed showing the full query and the path of the include file on the server. This is valuable information, revealing the structure of the database and the layout of files on the server...