TikTok: TikTok Session Donation CSRF via QR code login
A CSRF (Cross-Site Request Forgery) vulnerability was reported in TikTok's QR code login which could have potentially caused a user to log into an attacker-controlled account. We thank @lauritz for reporting this to our team and confirming the resolution...
TikTok: [CSRF] TikTok Careers Portal Account Takeover
A missing CSRF protection and open redirect vulnerability was reported in the TikTok Careers portal single sign-on flow, which is used by applicants to apply for TikTok positions. This flaw was quickly remediated and does not impact TikTok.com or the mobile application. We thank @lauritz for reporting...