2 matches found
Automattic: xss filter bypass [polldaddy]
Hi, previously reported XSS https://hackerone.com/reports/107405 which is fixed, but I am able to bypass that fix. Payload for bypass: Click Here Steps: - Log in to Polldaddy account polldaddy.com - Go to POLLS and create new poll - In answers, enter XSS payload Click Here F217173 - Save it - g...
Automattic: CSV Injection in polldaddy.com
Hello, We can inject commands in any fields of a member in an email group =210 for example, and when it's exported to CSV it will be evaluated to 20 in the corresponding cell, this enables an attacker to spread malware and execute system level commands on a victim's machine if the victim download...