writeups.xyz / XSS on the Oauth callback URL with CSP bypass leading to zero-click account takeover

Submitter : c2a

Date: 29 October 2023

Bounty : undisclosed

Vulnerabilities :

Programs :

Undisclosed

Authors :

Serj Novoselov (@Novoselov_s)

Link :
https://infosecwriteups.com/xss-on-the-oauth-callback-url-with-csp-bypass-leading-to-zero-click-account-takeover-c6c870b234bd