How We Pwned X (Twitter), Vercel, Cursor, Discord, and Hundreds of Companies Through a Supply-chain Attack

A 16-year-old hacker discovered a critical XSS vulnerability in Mintlify, an AI documentation platform used by major companies like Discord and Twitter. By exploiting this vulnerability, attackers could inject malicious scripts into company documentation, risking user credentials. After identifying the flaw during Discord's transition to Mintlify, he and collaborators reported the issue, leading Discord to temporarily revert documentation changes and Mintlify to quickly patch vulnerabilities. The incident highlighted the risks of supply chain attacks and resulted in around $11,000 in bug bounties.

https://gist.github.com/hackermondev/5e2cdc32849405fff6b46957747a2d28

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top