Koo, India’s homegrown Twitter clone, recently patched a serious security vulnerability that could have been exploited to execute arbitrary JavaScript code against hundreds of thousands of its users. The vulnerability involves a stored cross-site scripting flaw (also known as persistent XSS) in Koo’s web application that allows malicious scripts to be embedded directly into the affected web application. The issue was discovered by security researcher Rahul Kankrale in July, following which a fix was rolled out by Koo on July 3.
Source: https://thehackernews.com/2021/08/indias-koo-twitter-like-service-found.html