I reported this security issue on August and I've not got any answer...
Affected domain: compose.io
Vulnerability description: Stored XSS affecting multiple fields and sections.
- Go to Admin --> Users https://app.compose.io/[your name]/mongo/[your user]/users---> Add new user
- Type your payload in the name field and type a random password, then confirm the user.
A few images...
They offer Hall of Fame ---> https://bugcrowd.com/list-of-bug-bounty-programs
Their Hall of Fame ----> https://www.compose.io/security