I think I found my second bug. I thought it was HTMLi at first, but I tried all night to bypass the WAF to achieve XSS. Finally, I found a way to bypass the WAF. 7 HTML attributes were passed without a problem. I used “onbeforescriptexecute” to perform a stored XSS!
