persistent XSS demo

Demonstration of a persistent XSS vulnerability.


status: unpatched
2021-12-06 to 2021-12-16 unresponded/ghosted messages through multiple channels to Thingiverse, MakerBot, and Stratasys
2021-12-19: published
2021-12-25: changed from youtube.com.subdomain to youtu.be.subdomain: No more phising warning in Chrome.