Rockstar Games: XSS STORED AT socialclub.rockstargames.com (add friend request from profile attacker)

In this report, the researcher discovered a Stored XSS vulnerability in the Add Friend functionality. It worked by filling the optional Message field with a XSS payload utilized an SVG object tag and some character escaping. When the recipient of the malicious friend request clicked or tapped the...