TikTok: Cross site scripting via file upload in subdomain ads.tiktok.com
A file upload XSS cross-site scripting vulnerability was found in TikTok ads ticketing platform. Due to missing checks it was possible to upload .svg files which contained XSS payload. We thank @blubluuu for reporting this to our team and confirming its resolution...
