Mail.ru: [afisha.mail.ru] HTML-инъекция через XSS на портале виджета
Insufficient input validation in combination with vulnerabilities in partner's site led to XSS in the context of afisha.mail.ru domains. afisha.mail.ru is no currently covered by Bug Bounty program. Insufficient movie id validation in a widget allowed using double dots to load arbitrary content...