Self-XSS and $$$?

A total of 34 people participated in this survey and 62% of the participants said No.

Bugcrowd VRT (

Self-XSS is considered as P5 in Bugcrowd VRT. Of course, this changes for each bug bounty program. Although self-XSS is usually not evaluated, it’s evaluated sometimes with bounty or only rep / kudos. You can find a few Hackerone public reports at below to explain that.

Also, when you find a self-XSS on the app, you should try to make it more valuable XSS using login CSRF, clickjacking etc. You can read the following great write-ups related to this topic!

We know that the right answers can not be achieved with few answers. We hope to provide more accurate information with more responses. Stay tuned! ^_^

Like what you read? Give Bugbounty Surveys 📊 a round of applause.

From a quick cheer to a standing ovation, clap to show how much you enjoyed this story.