X (Formerly Twitter): XSS via Direct Message deeplinks
Description: By using a specially crafted payload as the value of the text parameter in a Direct Message deeplink, a malicious user can inject arbitrary HTML tags and possibly run arbitrary JavaScript code on the "twitter.com" origin. Steps To Reproduce: 1. Create a Direct Message deeplink by...