Hi there, there is a stored XSS in the OAuth application name.
/oauth/applications
and create a new application with name <img src>.
Authorize
and see that a pop-up appears with user's cookies.
Link to POC: https://drive.google.com/file/d/1r4bwjW803k_8RhNXAyRZK6Qa6hU6W9cS/view?usp=sharing