Veris: Complete or Edit Another User's Profile

Hi, I've found an issue where verified users can complete and submit a profile on behalf of another user. I've attached two video POCs unlisted on YouTube. Completion - https://www.youtube.com/watch?v=erH7ShUpqso Editing - https://youtu.be/IQboAIHNpq4 Steps to reproduce: 1. Register a new user...

Slack: Stored XSS in Slackbot Direct Messages

Whenever a new team is created, Slackbot uses automated profile completion by asking a few questions from the user like the first name, last name, skype account etc. But instead of providing the correct details we provide as input then Slackbot will cause the data go inside the anchor tag ... so...