thank you! always want to make this kind of this more accessible – especially since its so interesting.
I can only say the grey market becomes more enticing every time.
I personally feel like pure web bugs like this just generally get paid less (on the bounty market only) due to a strange kind of prejudice– people expect the big-ticket bugs to be binary or cryptography, and tend to dismiss XSS, even when the impact is extremely high, as in this bug.
