Hi all, I've discovered a Cross-Site Scripting (XSS) vulnerability at ZeroSSL web app (https://app.zerossl.com) which may lead to: - session hijacking - stealing a certificate private key, provided ZeroSSL has generated one - stealing a user account password hash I've first emailed ZeroSSL about the issue on 4 Jan 2023 in the morning, they got back to me the same day at noon and promised they'll i