Hi all! Mi name is David Tapia. I would like to disclose an XSS vulnerability in images.samsung.com. I tried to warn them two months ago using their bug bounty program, but they answered me saying that it is only available for their Smart TVs . I totally agree with them but they could have fixed it since this happened almost 3 months ago. The same vulnerability could be exploited in a domain of Adobe Scene 7, but they already have fixed it (without giving me any Security Acknowledgment). Here is the proof of concept: http://images.samsung.com/s7ondemand/brochure/flash_brochure.jsp?company=samsung&sku=&config=233%22;alert%28'XSS'%29;//&zoomwidth = Best Regards, David Tapia