Nir Goldshlager, Founder/CEO at Break Security known for finding serious flaws in Facebook once again on The Hacker News for sharing his new finding i.e Stored Cross-site Scripting (XSS) in Facebook Chat, Check In and Facebook Messenger. This vulnerability can be used to conduct a number of browser-based attacks including, Hijacking another user’s browser, Capturing sensitive information viewed by application users, Malicious code is executed by the user’s browser etc.
Source: https://thehackernews.com/2013/04/hacking-facebook-users-just-from-chat.html