tl;dr; Stored XSSes in Facebook wall by embedding an external video with Open Graph. When a user clicks to play the video, the XSS executes on facebook.com Introduction I reported multiple stored XSS
18 Mar 2018 ... The Open Graph protocol · The attacker posts a URL on a FB post · FB server
fetches the URL (server side) and reads the OG meta tags to extract ...