9.
A one-click account takeover via postMessage (t.co)
A postMessage OAuth redirect flaw produced full-access token theft without phishing or a fake login page
1 appearance on the backlist front page in the last 30 days.