Spokeo Bug bounty Experience
Recently I reported a XSS bug at spokeo bug bounty program.
I don’t want to blame the company, sometimes we face like this.
Program : https://www.spokeo.com/security
“‘ — !></Script%0C><Script%0C>confirm(1)</Script/%0C>#
Endpoint : All purchase type -> “/purchase?addr_num=6&q=6+130th+Ave+SE,+Bellevue,+WA+98005'&type=inject” parameter
— — — —-
After reported I was waiting and checking regularly is that fix or any reply. But no response. After 9 days I checked the xss been fixed. Then again message them, the issue has been fixed. Then they reply :(
Why you response after fix and 9 days later?
Thanks for reading.