If dev.to was not open source, would you still be able to find this discovery? How much more effort? Using a different approach? Thanks
Without the website being open source, I would have to perform a black box audit, and finding those vulnerabilities is definitely possible but might require more time.