Site icon API Security Blog

Cross-Site Scripting (XSS)

github.com/mattermost/mattermost-server is vulnerable to Cross-Site Scripting (XSS) attacks. An attacker is able to send AJAX requests on behalf of the victim through OAuth flow completion endpoints via sharing a crafted link with a malicious state parameter.Read More

Exit mobile version