My profile xss to other’s profile xss :P

How i got xss on other user by my profile

First i created an account on disclosing the site)

And xss was executed by just a normal xss payload .

So what ?

What can i do with that xss which only executes in my account

I went on digging more on that xss to trigger to other’s account

Thinking and thinking i accidentally saw refer to friend place where it also contains all the list of people’s name who created the account with our referrer link

Now boom when i tried creating a new account from my referrer link(Account A link) with js code it executed in my account (B).

Head of Security at NASSec