Hello Kang,
Thank you for your report. Do you mean that when you send a message to a user with this payload, support.mozilla.org is no longer responsive? Was the XSS payload executed?
Thanks,
Frida
Bug 1762414 Comment 2 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Hello Kang,
Thank you for your report. Do you mean that when you send a message to a user with this payload, support.mozilla.org is no longer responsive? Was the XSS payload executed?
For reference, we do not prefer testing on the support production instance, as mentioned in our scope: https://www.mozilla.org/en-US/security/bug-bounty/web-eligible-sites/. Please use the staging instance for testing: https://support.allizom.org/en-US/
Thanks,
Frida