HackerOne Disclosed Reports - 2025-07-22


High
resolved

Mint Oauth2 access token for targeted user


Bug reported by Timothy Leung was disclosed on July 23, 2025, 12:06 am | Improper Authentication - Generic

The vulnerability allowed a group owner to create an application that was trusted by default, bypassing CSRF controls for the authorization flow. This enabled the minting of access tokens for targeted users without their consent.


High
resolved

XSS on Amazon Acquisition: elemental


Bug reported by Muhammad Qasim was disclosed on July 22, 2025, 12:48 am | Cross-site Scripting (XSS) - Reflected

The XSS vulnerability on Amazon's acquisition of Elemental was identified and addressed. The summary provided a brief overview of the issue.

