Info of 685 Million Users at Risk Because of Multiple Branch.io XSS Flaws - Labarai Ingantattu

AdSense

Info of 685 Million Users at Risk Because of Multiple Branch.io XSS Flaws

The information of around 685 million Tinder, Western Union, Shopify, Yelp, and Imgur (among others) was at risk because of multiple DOM-XSS vulnerabilities found by vpnMentor on Branch.io domain while researching the client-side security state of dating apps.

Branch is an attribution platform designed to provide solutions which allow clients to track app usage stats across multiple devices, platforms, and channels.

The DOM-based cross-site scripting (XSS) vulnerability which put the data of more than 650 million users at risk was found by the vpnMentor research team on the go.tinder.com Tinder domain, with https://ift.tt/2CmdMrp being the affected endpoint.

"DOM-based XSS vulnerability, also known as “type-0 XSS” is a class of cross-site scripting vulnerability that appears within the DOM," said vpnMentor in their analysis. "It is a type of attack wherein th... (read more)

No comments

Powered by Blogger.