From securityaffairs.co
Cross-Site Scripting (XSS) issues are the most common vulnerabilities that received the highest amount of rewards on the HackerOne vulnerability reporting platform.
Cross-Site Scripting (XSS) is the most common vulnerability type and received the highest amount of rewards on the HackerOne vulnerability reporting platform.
XSS vulnerabilities accounted for 18% of all flaws reported by bug hunters, these issues received a total of $4.2 million in bounties paid by companies (+26% from last year).
The Cross Site Vulnerabilites received an average of just $501 per issue.
XSS vulnerabilities can be exploited by threat actors for multiple malicious activities, including account takeover and data theft.