A 16-year-old hacker discovered a critical XSS vulnerability in Mintlify, an AI documentation platform used by major companies like Discord and Twitter. By exploiting this vulnerability, attackers could inject malicious scripts into company documentation, risking user credentials. After identifying the flaw during Discord's transition to Mintlify, he and collaborators reported the issue, leading Discord to temporarily revert documentation changes and Mintlify to quickly patch vulnerabilities. The incident highlighted the risks of supply chain attacks and resulted in around $11,000 in bug bounties.
https://gist.github.com/hackermondev/5e2cdc32849405fff6b46957747a2d28

