Blind XSS on Twitter's internal Big Data panel at █████████████
Critical
X (Formerly Twitter)
Team Summary
Official summary from X (Formerly Twitter)
An attacker appears to be able to send an XSS payload to Twitter staff members, using a Support Form. This XSS payload will execute in the context of an internal subdomain, allowing it to exfiltrate sensitive internal Twitter information.
Reported by: iambouali
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Submitted
Weakness: Cross-site Scripting (XSS) - Stored