Saturday, August 22, 2015

XSS in Magento (Bug Bounty)

I got an XSS vulnerability in Magento Commerce. They have a bug bounty program. I reported it to their security team via email. However, they didn't send me even a single reply. But after 2 months, they replied and gave me a bounty of $60 :)

Video POC:

This is the Video POC.

POC Image:

June 4 ----------- Reported

August 4 -------- Fixed

August 25 ------ Replied and gave $60 bounty

