Image Injection vulnerability on screenshot-viewer/responsive/image may allow Facebook OAuth token theft.
Medium
Rockstar Games
Team Summary
Official summary from Rockstar Games
In this report, the researcher identified a series of vulnerabilities that could be exploited together to exfiltrate sensitive user tokens. In this attack chain, one critical step was an image injection vulnerability in the Screenshot-Viewer function on the main site, at `https://www.rockstargames.com/screenshot-viewer/responsive/image`. We resolved this vulnerability, thus preventing the attack and protecting user tokens.
Reported by
netfuzzer
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Information Disclosure