On the 19th of April I privately disclosed to Nespresso an XSS vulnerability that existed on their website, specifically in the "My Orders" section.
The bit I most enjoyed about this XSS was that you had to be authenticated for it to work.
Upon discovery of the vulnerability I set about trying to disclose it. Using LinkedIn I identified some IT security staff and a senior website developer. I contacted them, explained that I wanted to disclose a security flaw in their website, and asked whether they could provide me with their work email addresses in order to prove that they were still valid employees and not disgruntled ex-employees.
They were very quick (hours) to block the vulnerability at a WAF, and they delivered a new website release on the 25th which fixed it. I confirmed this to be the case and confirmed that I could not find other XSS vulnerabilities on the same page.
Kudos and thank you to the guys at Nespresso (Magnus and Sergi) for their response and the professionalism they showed while working through the vulnerability.