Ok, the #bugbounty I mentioned last week was a stored XSS in Yahoo Mail, same impact as the previous (https://t.co/6wnNKBS6BY). I got green light for disclosing the asset etc. but can't publish the write-up for the time being. Maybe later. Thanks again @yahoosecurity! pic.twitter.com/DMufcwkbmT
— Jouko Pynnönen (@klikkioy) February 15, 2019