Yelp: No rate limiting for confirmation email lead to email flooding
Description: There is no rate limiting implemented in sending the confirmation email. Thus, attacker can use this vulnerability to bomb out the email inbox of the victim. Affected URL: https://biz.yelp.com/welcome/resendconfirmation with POST method Details: 1. Login to biz.yelp.com 2. Go to...