Rewarded From Lumosity

 

Lumosity had an undiscovered DOM XSS vulnerability during their signup process. By injecting our payload into the name field we were able to get JavaScript interpreted back nicely in the edit page. Here is a screenshot. Also we can change our name parameter to our XSS payload and get JavaScript interpreted back the same way. This is a persistent DOM XSS vulnerability.

XSS
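The pattern described above, as an added example that is not part of the original post and is not Lumosity's code: a stored name concatenated into the edit form's markup, next to the same render with the name encoded for the attribute context. The function names, the `<input>` markup and the inert probe string are assumptions constructed for illustration.

```javascript
// Added illustration; all names and markup here are hypothetical.

// Encode the characters that let text break out of HTML text
// or out of a quoted attribute value.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the stored name is concatenated into markup
// that the page later assigns to innerHTML.
function buildEditFormUnsafe(storedName) {
  return '<input id="name" value="' + storedName + '">';
}

// Hardened pattern: same markup, name encoded before it is placed
// inside the quoted attribute.
function buildEditFormSafe(storedName) {
  return '<input id="name" value="' + escapeHtml(storedName) + '">';
}

// Constructed, inert probe for regression tests: it closes the value
// attribute and opens a harmless <b> element if the sink is unencoded.
const PROBE = '"><b data-probe="1">';

// True when the probe reached the output as live markup
// rather than as encoded text.
function probeIsLive(html) {
  return html.includes('<b data-probe');
}

// Run the probe through both renderers and report the result.
function checkRenderers() {
  return {
    unsafe: probeIsLive(buildEditFormUnsafe(PROBE)),
    safe: probeIsLive(buildEditFormSafe(PROBE)),
  };
}

console.log(checkRenderers());
```

In the browser, setting the name through `input.value` or `textContent` instead of building markup removes the need for the encoding step.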

 

 

After reporting this within 4 days I got an email thanking me and I was rewarded with a month premium 😉

Screenshot2

 

lumosity

 

 

Thanks for the reward 😉

 

 

 

 

 

 
