I am working with some devs who have been helping me fix vulnerabilities, and this is one that was injected as a proof of concept. It's cleaned up now. Thanks for checking out Bitcoin Beats! @sox

NEEDcreations

ProofOfCash is one of the white hat hackers nyms haha

optimism

'<div style="width:44px;...;">' + ((t.coverArt || t.coverUrl) ? '<img src="' + _safeCover(t.coverUrl || t.coverArt) + '" style="width:100%;height:100%;object-fit:cover;">' : (t.genre === 'podcast' ? '🎙️' : '🎵')) + '</div>'

happened with image upload, values are inserted raw inside an HTML string.

Music

Education

lightning

New Music Streaming platform (Lightning enabled, empowering artists)

```html
'<div style="width:44px;...;">' + ((t.coverArt || t.coverUrl) ? '<img src="' + _safeCover(t.coverUrl || t.coverArt) + '" style="width:100%;height:100%;object-fit:cover;">' : (t.genre === 'podcast' ? '🎙️' : '🎵')) + '</div>'
```

happened with image upload, values are inserted raw inside an HTML string.

resulting in:
```html
<img src="" onerror="alert('beats-update-XSS')" style="width:100%;height:100%;object-fit:cover;">
```

or

```html
<img src="" onerror="alert('beats-XSS-by-ProofOfCash')" style="width:100%;height:100%;object-fit:cover;">
```

it's even branded `ProofOfCash` lol