Automattic: DOM XSS on multiple Automattic domains through postMessages

A DOM XSS vulnerability was found on widgets.wp.com allowing injection of scripts into the DOM. This was combined with a vulnerability in the Jetpack WordPress plugin where postMessages from widgets.wp.com were used to populate avatar URLs without validation, leading to DOM XSS on WordPress sites...

Khan Academy: xss due to incorrect handling of postmessages

Due to Insecure handling of create link tags a tags in a function called autolink found in 7Bmt.af733e428f9f986dfc96.js js e = n.autolinke, !0; const n = function const e = /\b?:?:https?://|www\d0,3.|a-z0-9.-+.a-z2,4/?:^\s&+|&|?:^\s|?:^\s+\+?:?:^\s|?:^\s+\|^\s!\;:'".,?«»“”‘’&/gi; return...

Mail.ru: invalid handling of redirect_uri at o2.mail.ru/jsapi/button

o2.mail.ru/jsapi/button gets embedded as login window in website that using o2 oauth. parameter redirecturi by default may have either value of white listed domain from particular app by clientId either it may lead to .mail.ru, then it contacts with parent window via postmessages. Other domains a...