June 23, 2017
View all 1 Followers
View all 279 Related Articles
Related Articles (279)
The way the Square API delivers JSON output makes it possible for an attacker to engage in a cross-site scripting (XSS) under certain circumstances. The vulnerability was discovered by security researcher Ajay Chavda and reported to Square on August 7, 2015 through its bounty program on hackerone.
A bug in the API offered by Mercado Pago, the payment system operated by popular online marketplace Mercado Libre, allowed anyone to obtain an access token for any account.