# Quidco Self XSS

Simple DOM XSS this time, as I didn't see any values reflected.

Simple Payload Used…

 

#<img src=x onerror=prompt(/OPENBUGBOUNTY/)>

 

Timeline:
March 18th – DM sent to Quidco
March 30th – Tweeted them https://twitter.com/Random_Robbie/status/847353071449423874
March 30th – Response received https://twitter.com/quidco/status/847400878990532608

Patched at some point without telling me!