sans_souse 4 days ago

$5k is such a small payout for this sort of finding.

arcwhite 3 days ago | parent [-]

It's actually pretty on-par for most bug bounties. They used the same exploit on a few programs and got $11k total which ain't bad return on time.

sans_souse 3 days ago | parent [-]

No, I know it's on par. I guess a better rephrasing would be: the par is still too low.

arcwhite 3 days ago | parent [-]

Compared to what? What's your baseline for how much a user-interaction-required XSS vulnerability should be worth?

sans_souse 3 days ago | parent [-]

I'm not basing it on math.

Are you saying tho that 2.5k would have been adequate in 2019? I expect 5k would have been on par then too. But idk