uber.com may RCE by Flask Jinja2 Template Injection
Program: uber
Bug Type: CSTI
Bounty: Unspecified
Date: 2017-05-20
CSTI
stored-XSS
Summary
The researcher found a client-side template injection in the address-saving feature of WordPress that lets a user enter template code and have it executed in the addresses section. It was classified as a stored self-XSS because there is no way for another client to access the endpoint where the XSS is stored.