Hello, I’m a repairing pintester. I apologize for earlier for my clumsy English. I suppose I found xss but I can’t prove it. the developer says that he only affects me. Although I saw a lot of similar ones where Zhanna xss vulnerability was rewarded.
That means its a self xss. Try chaining it with other vulnerabilities
try to produce the vulnerabity in diff browser i think your xss is reflected or DOM so to prove that is vulnerable you have to send the link to a probable victim (run the link in private navigator)
It’s difficult to help you without more context about the vulnerability.
I’m just parsing all of this, but when using xss, a token was displayed on my page. if possible, I can answer in telegrams. provide detailed information