How I Found Stored Cross-site Scripting on Redact.com

Pugazh Vel
Jul 8, 2021

Hello guys, I hope all are well. I am back with another finding.

This time I got multiple Stored XSS bugs on a single program. Last time I posted a Stored XSS finding, and I concentrated on the same target. Then I looked at one endpoint. That endpoint asks for company details for advertisement purposes.

I entered normal text and simply reviewed whether my data was reflected anywhere on the site. I saw that 7+ parameters were reflected in other endpoints. Then I entered "><h1>Test</h1>, a normal payload. 7+ parameters were affected. Then I entered the XSS payload "><img src=x onerror=alert('xss')>. The JavaScript alert() fired.

This XSS was only visible to my account, not to the public. Then I wanted to increase the impact. After one hour I got one lead: I was able to share my profile with a public view.

Now any user who views my profile page is affected by the Stored XSS.

In a similar way, I got 5 more Stored XSS bugs in different endpoints.

I reported these bugs. I got a $$$ bounty.

Thank you & stay curious.
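
The fix for this class of bug is output encoding at every place a stored field is rendered. The following is an added example, not code from the original post or from the affected site: the field names (name, about) and the markup are hypothetical, and the stored record is constructed from the two probe strings quoted above. It renders the same record once by plain concatenation and once with HTML encoding, and counts how many tags end up in the page.

```javascript
// Added example: field names and markup are assumptions, not the target's code.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can close an attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Vulnerable pattern: stored values concatenated into an attribute and an
// element body as-is, so a leading "> ends the attribute and the tag.
function renderProfileUnsafe(company) {
  return `<input name="company" value="${company.name}"><p>${company.about}</p>`;
}

// Hardened: every stored field is encoded at output time. This has to be done
// in each template that reflects the data, not only on the form that saved it.
function renderProfileSafe(company) {
  return `<input name="company" value="${escapeHtml(company.name)}">` +
         `<p>${escapeHtml(company.about)}</p>`;
}

// Count opening tags in rendered markup. The template itself contributes
// exactly two (<input and <p); anything above that came from stored data.
function countOpeningTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// Constructed stored record using the two probe strings from the post.
const stored = {
  name: '"><h1>Test</h1>',
  about: '"><img src=x onerror=alert(\'xss\')>',
};

function demo() {
  return {
    unsafeTags: countOpeningTags(renderProfileUnsafe(stored)),
    safeTags: countOpeningTags(renderProfileSafe(stored)),
    safeHtml: renderProfileSafe(stored),
  };
}

console.log(demo());
```

A tag count above the template's own baseline is also a cheap regression check to run against each page that displays user-supplied profile fields.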
