#Quidco Self XSS
Simple DOM XSS this time as I didnt see any values reflected.
Simple Payload Used…
#<img src=x onerror=prompt(/OPENBUGBOUNTY/)>
March 18th – DM sent to quidco
March 30th – Tweeted them https://twitter.com/Random_Robbie/status/847353071449423874
March 30th – Response received https://twitter.com/quidco/status/847400878990532608
Patched at some point with out telling me!