Chaturbate: CSRF in REPORT EMOTICON feature
The hacker found that the report emoticon endpoint did not check the csrf token. This was resolved. Users can report to emoticons on the the basis of the expressions but the request made to https://chaturbate.com/emoticonreportabuse/emoticonname was a GET request which was not protected by CSRF...