Mail.ru: Cross application scripting via account.mail.ru
ID H1:470380 Type hackerone Reporter petser Modified 2019-03-11T11:56:08
Crossapplication scripting via User-Agent on push login confirmation functionality in mobile application in the context of account.mail.ru domain allowed session hijacking with minimal user interaction.
All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please mail to email@example.com Vulners, 2018