Starbucks: Japan - CSRF in webapp.starbucks.co.jp with user interaction could leak an access token if the user was not using Chrome
elber discovered a CSRF in webapp.starbucks.co.jp that leaked an access token if an authenticated user opened a crafted HTML file in a browser other than Chrome, which applies the SameSite cookie attribute by default. elber also demonstrated the ability to add a Starbucks card to the account with...
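The summary turns on whether the browser applies a SameSite default, so a server-side check is to confirm that session cookies declare SameSite explicitly. The following is an added example, not code from the report or from Starbucks: the function names, the cookie names and values, and the simplified two-browser model (a browser that treats a missing SameSite as Lax versus one with no default) are assumptions made for illustration.

```javascript
// Audit a Set-Cookie header for reliance on the browser's SameSite default.
// Cookie names and values are constructed samples, not taken from the report.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: eq === -1 ? pair : pair.slice(0, eq), attrs: {} };
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1).trim();
  }
  return cookie;
}

function auditSetCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const raw = typeof attrs.samesite === 'string' ? attrs.samesite.toLowerCase() : null;
  // Missing or unrecognised values fall back to whatever the browser defaults to.
  const explicit = ['strict', 'lax', 'none'].includes(raw) ? raw : null;
  const findings = [];
  if (!explicit) findings.push('no valid SameSite attribute: CSRF exposure depends on the browser default');
  if (explicit === 'none') {
    findings.push('SameSite=None: cookie is sent on cross-site requests by design');
    if (!attrs.secure) findings.push('SameSite=None without Secure: dropped by browsers that require the pairing');
  }
  return {
    name,
    // Simplified model: would a cross-site form POST carry this cookie?
    sentOnCrossSitePost: {
      browserDefaultsToLax: explicit === 'none' && attrs.secure === true,
      browserHasNoDefault: explicit === null || explicit === 'none',
    },
    findings,
  };
}

const samples = [
  'session=abc123; Path=/; Secure; HttpOnly',                // relies on the default
  'session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax',  // explicit
  'session=abc123; Path=/; Secure; HttpOnly; SameSite=None', // opted out
];
for (const h of samples) console.log(JSON.stringify(auditSetCookie(h)));
```

A cookie that passes this check still needs a server-side anti-CSRF control such as a per-request token, since SameSite only limits when the cookie is attached.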