We got Adobe XSSed

When our security team leader started out on HackerOne, he began with the Adobe bug bounty program. David was already on their Security Acknowledgements list (2013), but he wanted a big company on his HackerOne profile, and after a while he found a reflected XSS (CWE-79) on their website.

You may notice that Adobe was pretty quick to fix this issue, but getting a reply about full disclosure of the report was a little harder.

Hopefully they will work on their PR a little more in the future.
