It was possible for an attacker to determine any Page Admin Role without any interaction
May the bruteforce be with you!
It was possible for an attacker to renew access to Apps
Two endpoints performing an Invite and a Removal to add and remove Contributors for Collections were missing rate limiting.
Every Invite would send a notification to that Friend.
There was a GraphQL request which could be malformed to get the Demographic Audience data insight for any Facebook Page.
Demographic Audience data insight - Country (specific to this bug) likes insight.