TikTok: Stored XSS on TikTok's backend leads to the leakage of highly sensitive administrator data (Cookies, API Keys, Internal Paths, Emails, phone numbers).
A stored cross-site scripting vulnerability was discovered in TikTok's contact form backend. Malicious code submitted through the form executed when administrators viewed the submission, exposing sensitive internal data such as cookies, API keys, internal paths, emails, and phone numbers...