Mail.ru: Clickjacking Vulnerability via https://www.donationalerts.com/help/support leads to bypass for widget.support.my.games X-Frame Options

Clickjacking protection bypass on widget.support.my.games via donationalerts.com...

Mail.ru: Account Takeover possibility via https://awards.donationalerts.com using login with twitch.tv

Authentication procedure with twitch.tv oAuth allowed account takeover on awards.donationalerts.com...

Mail.ru: Data URI Stored XSS on Donations Page

XSS in donationalerts.com on donations page while previewing the text data:text/html;base64,PHNjcmlwdD5hbGVydCgiWFNTIEhlcmUiKTs8L3NjcmlwdD4K...

Mail.ru: donationalerts.com limitations bypass

Domain limitation for CORS in api-awards.donationalerts.com were incorrectly checked, it allowed crossdomain API requests...