Meetup Critical Flaws Allow ‘Group’ Takeover, Payment Theft
2020-08-03 13:05

A popular online social service, Meetup, has fixed several critical flaws in its website.

If exploited, the flaws could have enabled attackers to hijack any Meetup "Group," access the group's member details and even redirect Meetup payments to an attacker-owned PayPal account.

"Meetup takes reports about its data security very seriously, and appreciates Checkmarx's work in bringing these issues to our attention for investigation and follow up," according to a Meetup statement.

The first flaw researchers discovered was a stored cross-site scripting vulnerability in Meetup's discussion feature, which is activated by default in a Meetup group.

To exploit the flaw, an attacker simply needs to post a custom script to the Meetup discussion forum.


News URL

https://threatpost.com/critical-meetup-website-flaws-takeover-payment-theft/157934/