Yelp: yelp.com and biz.yelp.com ATO via XSS + Cookie Bridge

The researcher discovered an XSS vulnerability on biz.yelp.com where the unverified email was reflected in a message, allowing for arbitrary JavaScript execution. This XSS was combined with Yelp's cookie bridge functionality to target other users, leaking HttpOnly session cookies and enabling...