Stored XSS in — $5000

Hello Guys hope you all are doing well, fine and healthy during this hard time.

Introduction :

Hello, I am Vishal Bharad, from India and working as Penetration Tester, Now today I am going to share how I found Stored Cross-Site Scripting (XSS) in

Initial Discovery & Exploitation :

First of all I am not the XSS guy :D

Finally I decided to hunt on Apple. As we all know that apple is having large scope so I blindly choose and decided to find at least 1 bug on

I tried many vulnerabilities on such as CSRF, IDOR, Business Logic Bugs etc. and got nothing. I keep tried to find bugs on and after so many attempts I decided to find XSS on (As I am still not good at finding XSS :D)

So here I started the initial recon to find XSS. As we all know that we can try XSS where strings are reflected on webpage or in response.

So I have logged in with and inserted payloads everywhere and looked for the webpages where my payloads or strings over getting reflected in response. After so many attempts I got one endpoint where my payload was fired and It was my “Pursuit of Happiness”

XSS fired in Settings >> Browser All Versions.

Below is the step of reproduction where I was able to find stored XSS in and got $5000

Steps to Reproduce:

Now I got the XSS. So I decided to make full video that how attacker can able to triggers XSS on victim’s account.

Video is Attached to Demonstrate this Vulnerability.

Please watch full video in which I have demonstrate how 1st user can able to trigger XSS on 2nd user’s account.

Thank You for your time to read this article

Disclosure :


Looking forward to share more blogs

Best Regards

Vishal Bharad

Linkedin Profile :



Penetration Tester, Bug Bounty Hunter, Security Researcher

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store