| ▲ | tptacek 14 hours ago | |
Maybe? I don't know enough about the vulnerability. Is it serverside? Then it isn't worth very much. | ||
| ▲ | jrflowers 5 hours ago | parent [-] | |
>i quickly realised that this was the server-side serverless (lol) environment of their main documentation app, while this calls to a external api to do everything, we have the token it calls it with in the env. >alongside, we can poison the nextjs cache for everyone for any site, allowing mass xss, defacing, etc on any docs site. | ||