Hello,
I want to inform you that I found vulnerabilities on the Ezoic website. The vulnerabilities are Stored XSS and Bypass Rate Limit. In short, Stored XSS can impact multiple users who visit the affected page or interact with the compromised data, with consequences such as data theft, account compromise, malware distribution, and phishing attacks. The Bypass Rate Limit vulnerability, meanwhile, allows the attacker to send requests, such as a forgot password request, without limitation. It won't be a problem if the requests are only 10, but of course it will harm your server if the requests are 100.000 or even a million requests at a time.
I already contacted security@ezoic.com, as stated on the https://www.ezoic.com/security/ page, but I didn't get any answer from them. Could you tell me where to report? I can give further explanations, steps to reproduce, and remediation steps for these vulnerabilities.
Hopefully, my findings can be appreciated as they should be. Thank you, and I look forward to hearing from you soon!
Best Regards,
Alqi