miki123211 3 days ago
The XSS is the only real vulnerability here. "Hey guys, in this TikTok video, I'll show you how to get an insane 70% discount on Eurostar. Just start a conversation with the Eurostar chatbot and put this magic code in the chat field..."
eterm 3 days ago
That isn't that far removed from convincing people to hit F12 and enter that code in the console, which is why Self-XSS, while ideally prevented, is much lower than any kind of stored/reflected XSS.