Post
Topic: Re: Ice-Dice.com Bug Bounty Program On Testnet Subdomain
Board: Development & Technical Discussion
by icedicedavid on 26/10/2013, 18:46:59 UTC

Finally, if you intend to help the community, you should disclose the bugs reported after you fix them.

Bug Disclosures:

Christy Philip Mathew found a local XSS bug in the next field entering the name text field. JavaScript input was escaped on the server side, but was displayed on the client side in the HTML without escaping, so no code injection could be made other than on the attacker's own computer.

The following 3 members all reported the same bug at about the same time, which is a non-severe XSS in the URL that could only execute an alert message. document.location and document.cookie could not be executed, so we deem this bug to be not severe.
- Issam Rabhi - @Issam_Rabhi
- Anand M
- Siddhesh Gawde

A small bitcoin reward has been sent for all these disclosures as a token of thanks.