TechFlow news: Paradigm researcher Samczsun announced on a social platform that the security vulnerability reported by X this morning has now been fixed.
Technical summary: A reflected XSS and CORS/CSP bypass in a subdomain of the X platform allowed arbitrary requests to the X API as an authenticated local user.
Previous report: Paradigm researcher samczsun posted on X that a critical vulnerability had been discovered on X, which could allow attackers to gain full access to user accounts simply by clicking a link. This would enable hackers to post tweets, retweet, like, block, and perform other actions, though they could not change the user's password.




