Saturday, 23 April 2016

Stored XSS In World Beyblade Organization, Found by Ahsan Tahir


SITE: World Beyblade Organization
BUG: Stored XSS (cross-site scripting)
SECURITY RISK: High
STATUS: Patched!


Reproduction Steps:

1- Log in to your account
2- Go to your profile and click on Edit Profile
3- Now change the Tumblr field and set it to the cross-site scripting payload "><img src=x onerror=prompt(/xss-by-ahsan/)>
4- Click Update Profile and go to your profile; the pop-up will be executed!
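
The payload in step 3 begins with "> which closes a quoted attribute and its tag before a new element is injected. The added example below is not from the original post or the site's code; it assumes the Tumblr value is written into a link's href attribute, and all function names and the handle rule are hypothetical.

```javascript
// Added illustration, not the site's code. All names here are hypothetical.

// Constructed sample: the profile value from the reproduction steps.
const SAMPLE_VALUE = '"><img src=x onerror=prompt(/xss-by-ahsan/)>';

// Vulnerable pattern (assumed): the stored value is concatenated into a
// quoted attribute with no encoding, so a double quote ends the attribute.
function renderTumblrLinkUnsafe(value) {
  return '<a href="http://' + value + '.tumblr.com">Tumblr</a>';
}

// Output encoding for HTML text and quoted-attribute contexts.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Input validation with an allowlist. Assumed rule: letters, digits and
// inner hyphens, at most 32 characters.
function isValidHandle(value) {
  return /^[A-Za-z0-9](?:[A-Za-z0-9-]{0,30}[A-Za-z0-9])?$/.test(value);
}

// Hardened rendering: reject anything that is not a handle, and still
// encode on output because stored rows may predate the validation rule.
function renderTumblrLinkSafe(value) {
  if (!isValidHandle(value)) {
    return ''; // omit the link rather than echo untrusted markup
  }
  return '<a href="http://' + escapeHtml(value) + '.tumblr.com">Tumblr</a>';
}

// Reports whether rendering introduced an element the template did not contain.
function injectsElement(html) {
  return /<img\b/i.test(html);
}

console.log('unsafe :', renderTumblrLinkUnsafe(SAMPLE_VALUE));
console.log('escaped:', escapeHtml(SAMPLE_VALUE));
console.log('safe   :', JSON.stringify(renderTumblrLinkSafe(SAMPLE_VALUE)));
console.log('valid  :', renderTumblrLinkSafe('ahsan-tahir'));
```

Validation alone only protects values saved after the rule exists, which is why the hardened function also encodes on output.
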
Proof Of Concept Screen Shot:


Proof Of Concept Video:

