Stored XSS on Facebook | OpnSec

tl;dr; Stored XSSes in Facebook wall by embedding an external video with Open Graph. When a user clicks to play the video, the XSS executes on facebook.com Introduction I reported multiple stored XSS

18 Mar 2018 ... The Open Graph protocol · The attacker posts a URL on a FB post · FB server fetches the URL (server side) and reads the OG meta tags to extract ...

Lee mas