A bug bounty hunter describes finding 5 stored XSS vulnerabilities on a private program worth $1,016.66 each, including techniques for bypassing input filters through payload placement, encoding variations (<), file upload abuse (.xhtml), and filter evasion by targeting unsanitized HTML in notifications.
A researcher demonstrates multiple XSS vulnerabilities in HubSpot and email-based systems: SVG file upload XSS via unfiltered image uploads, filename-based XSS payloads, and email field XSS in live chat modules that executes on the admin side. The HubSpot report received points only, while a private freelancing site paid $450.
A researcher demonstrates how to escalate self-XSS into non-self stored XSS on PayPal's Technical Support and Brand Central portals by exploiting inadequate file content validation (which allowed malicious SVG files) and authorization issues that permitted unauthenticated users to submit tickets to registered accounts. The vulnerability enabled attackers to inject malicious scripts that would execute when support staff or authorized users accessed the tickets.