Unexploitable CORS can lead to Stored XSS?
![Image](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNiC5jGt_Ay7l7feMX-VuhOL9lMIc-Go1qO3aBnv8pcq1sWHtJOuSwiVaKQh0eEZkgjGAc4PsotW69RLKPfD9xZ9hLUsoURblP-CFhQk5ZhiPfQtijH5qiyECzumERCP051qQZEjuNuBE/w640-h360/xss.jpg)
Heeeeeeey guys, this is the last bug I found, and I liked it, so I wanna share the idea with you. Let's go.

Find CORS

Our target here is a private program on HackerOne, so let's call it example.com. Almost all of this website's endpoints are vulnerable to CORS misconfiguration 😂. I found a CORS misconfiguration on an endpoint that changes my name, but the response didn't include any private information to steal, so it was unexploitable.

Find Self-Stored XSS

I spent hours testing the application and found an interesting thing: one of the endpoints displays the current user's information in JSON format, but the Content-Type of the response is text/html, and this is the first WOW. I looked at this information and found that it includes a parameter holding the user's name, which I can change, and this is the second WOW. I went back and added an XSS payload to the name; after saving the payload I opened the endpoint and, as expected, the payload executed, and this is an example of the endpoint path http://e