TikTok's pixel/sdk.js leaks current URL from websites using postMessage
Medium
TikTok
Team Summary
Official summary from TikTok
A vulnerability was found where an OAuth token could have been leaked due to an origin check bypass in the TikTok Pixel SDK. We thank @fransrosen for reporting this to our team.
Reported by: fransrosen
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Improper Authorization