Stored XSS Vulnerability in Tumblr

Hello Friends,

I started to participate in bug bounty in 2017 and found an XSS (Cross Site Scripting) vulnerability in Tumblr.

PoC Video:

I reported this to Tumblr.
Next day, Tumblr quickly patched this and rewarded me. 


I received my first bounty of $1000 from Tumblr.

I also received Tumblr t-shirt and stickers as a Swag/Gift.

I receive very good response from Tumblr Security Team.

Thanks Tumblr.


Popular posts from this blog

XSS like a Pro

Email Spoofing for Beginners

DoS on WAF Protected Sites by Abusing Cookie