Account Takeover in Canvas Apps served in Comet due to failure in Cross-Window-Message Origin validation – Youssef Sammouda

http://ysamm.com/?p=783

https://twitter.com/home/status/1619685003478319105

https://twitter.com/home/status/1619763333254754304

https://twitter.com/home/status/1619814812795699206