Why don’t companies accept Clickjacking, CSRF, and Stored XSS in their vulnerability list for their bug bounty program?
Actually, I think they still do, but I think that these vulnerabilities are very common and, because of the money expenses, they do not care for those vulns.
So what’s the case with SQLi and XSS then?
Well… I believe that these are the most critical vulnerabilities because these attacks are connected with the company and its customers.
As a result, these are much more important threats.