Notifications can be marked as read by CSRF

Disclosed: 2015-01-03 01:29:25 By batuhan To x
Unknown
Vulnerability Details
<script src="https://twitter.com/i/notifications"></script> If a website uses this code, the visitor's Twitter notifications will be marked as read. You can easily check it locally; I'm not uploading any proof or file.
Report Stats
  • Report ID: 36980
  • State: Closed
  • Substate: informative
  • Upvotes: 4
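
One server-side way to keep a cross-site `<script>` request like the one in the report from changing state, as an added example that is not part of the report and not Twitter's code. The `decide` function, the `changesState` route flag and the sample request are assumptions made for illustration.

```javascript
// Added example: hypothetical request policy, not Twitter's code.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

function lowerCaseKeys(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = v;
  return out;
}

// req: { method, headers }; route.changesState is a hypothetical flag for
// handlers with side effects, such as marking notifications as read.
function decide(req, route) {
  const h = lowerCaseKeys(req.headers);
  const site = h["sec-fetch-site"];
  const mode = h["sec-fetch-mode"];
  const dest = h["sec-fetch-dest"];

  // 1. A safe method must never trigger a side effect, whoever sent it.
  if (route.changesState && SAFE_METHODS.has(req.method)) {
    return { allow: false, reason: "state change on safe method" };
  }
  // 2. Browsers without Fetch Metadata: defer to the CSRF token check.
  if (site === undefined) {
    return { allow: true, reason: "no fetch metadata" };
  }
  // 3. Requests from our own site, or typed/bookmarked by the user.
  if (["same-origin", "same-site", "none"].includes(site)) {
    return { allow: true, reason: "trusted initiator" };
  }
  // 4. Cross-site: only a top-level GET navigation (a followed link).
  if (req.method === "GET" && mode === "navigate" && dest === "document") {
    return { allow: true, reason: "cross-site navigation" };
  }
  return { allow: false, reason: "cross-site subresource" };
}

// Constructed sample: what a browser sends for the <script src> embed.
const scriptEmbed = {
  method: "GET",
  headers: {
    "Sec-Fetch-Site": "cross-site",
    "Sec-Fetch-Mode": "no-cors",
    "Sec-Fetch-Dest": "script",
  },
};
```

With this policy the embed is refused whether the endpoint is registered as state-changing or as a read-only view, while a same-site POST that marks notifications as read still passes.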