? @h1Disclosed just shared a great #BugBounty find! ? @bxmbn found a Reflected XSS vulnerability in the Expedia Group’s origCity parameter that allowed them to bypass the WAF. ? They received a $300 reward! ? Check out the details ?? https://t.co/MlE5vwtNPh #CyberSecurity ?