Reverb.com: Persistent XSS in https://sandbox.reverb.com/item/

Description I found a Persistent XSS in a listing page. The flaw is in the SoundCloud link that the listing owner can attachThe parameter is called productsoundcloudlinkattributeslink. There's no encoding on the user input and it looks like there's only client-side validation. PoC The payload:...