TikTok has fixed two security flaws that could have allowed attackers to take over accounts with a single click when chained together for users who signed-up via third-party apps. The social media platform owned by Beijing-based ByteDance is used for sharing short-form looping mobile videos of 3 to 60 seconds. Bug bounty hunter Muhammed Taskiran discovered a reflected cross-site scripting (XSS) security bug also known as a non-persistent XSS in a TikTok URL parameter.
Source: https://www.bleepingcomputer.com/news/security/tiktok-fixes-bugs-allowing-account-takeover-with-one-click/