Board Thread:Watercooler/@comment-24235314-20150402180653/@comment-11733175-20150403230117

I don't think a tracker would be feasible, if only because the vast majority of admins would have no idea what constitutes a security vulnerability. CSS can be used to execute arbitrary js in some browsers, as well as mangle the UI to the point where a user can no longer use the site.