Stored XSS Vulnerability in Jotform and H1C Private Site

Recently, I found a critical stored Cross-Site Scripting (XSS) vulnerability in Jotform and in another private site.

By exploiting the bug, an attacker can easily take over any user account.

Attack Scenario:

The victim creates any form, such as a survey or contact form.
The attacker obtains and visits the form URL.
The attacker simply enters a script in the Name field and submits the form.
When the victim logs in to their account and checks the form entries or submissions, the script is executed.
The attacker can then easily take over the victim's account.
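The rendering flaw behind this scenario, shown as an added example that is not Jotform's code nor the private site's: a constructed submission list is rendered into the owner's entries page once without and once with output encoding, so the vulnerable and hardened versions can be compared side by side.

```javascript
// Added example, not from the original post. Simulates how a form builder
// renders stored submissions in the form owner's "entries" view.

// Constructed sample submissions as a backend might store them.
const entries = [
  { name: "Alice", email: "alice@example.com" },
  // Constructed hostile Name field of the kind the attack scenario describes.
  { name: "<script>alert('xss')</script>", email: "x@example.com" },
];

// Vulnerable: submitted values are concatenated straight into HTML, so any
// tags in the Name field become live markup when the owner views the entries.
function renderEntriesUnsafe(rows) {
  return "<table>" +
    rows.map(r => `<tr><td>${r.name}</td><td>${r.email}</td></tr>`).join("") +
    "</table>";
}

// Hardened: every untrusted value is HTML-encoded for the element-content
// context, so the browser displays the submitted text instead of running it.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")   // must come first so later entities are not doubled
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

function renderEntriesSafe(rows) {
  return "<table>" +
    rows.map(r =>
      `<tr><td>${escapeHtml(r.name)}</td><td>${escapeHtml(r.email)}</td></tr>`
    ).join("") +
    "</table>";
}

// Detection helper for a quick regression check: does the rendered page
// still contain a live <script> tag?
function containsRawScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log("unsafe render contains <script>:", containsRawScriptTag(renderEntriesUnsafe(entries)));
console.log("safe render contains <script>:  ", containsRawScriptTag(renderEntriesSafe(entries)));
```

Output encoding on the entries page is the fix the report calls for; HttpOnly session cookies and a Content-Security-Policy reduce the impact but do not remove the injection itself.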

I reported this bug to the Jotform security team; they fixed the issue and rewarded me with a small bounty.

Later, I found the same bug in an H1C (HackerOne Challenge) private site.

They accepted and triaged my report and rewarded me with a $1000 bounty.

I have also found the same bug many times on other sites.

Thanks for reading 

Hope you like this article.
