quoted this blog post as an addition to the story.
Some of the XSS bugs were responsibly disclosed to the security team at ZScaler. Thanks to Michael Sutton for responding quickly. The vulnerability is patched now.
Proof of Concept is here:
We stick to responsible disclosure to help make the community more secure.