HackerOne Bug Bounty Disclosure: stored-xss-in-“product-type”-field-executed-via-product-filtersbyglister