Sarahah is currently one of the most talked-about apps on social media. It is an anonymous messaging app that lets you receive messages without knowing who sent them. Recently Shawar Khan embedded a video on his website demonstrating an XSS vulnerability in Sarahah.
The vulnerability was also described by Defencely.com, who attribute it to insecure reflection of message content when new messages are loaded into the page: the messages pulled from the database are not properly filtered or encoded before being rendered.
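The following is an added example, not code from Sarahah, Shawar Khan or Defencely.com: it contrasts the insecure pattern described above (untrusted message text dropped straight into markup when a message list is rendered) with a version that applies HTML output encoding, using a constructed set of sample messages.

```javascript
// Constructed sample messages, shaped like what a message feed might return.
// The second one carries hostile markup to show what unencoded rendering does.
const SAMPLE_MESSAGES = [
  { id: 1, text: "Nice profile!" },
  { id: 2, text: "<img src=x onerror=\"alert(1)\">" },
  { id: 3, text: "Tom & Jerry <3" },
];

// Vulnerable pattern: message text is concatenated directly into HTML, so any
// tags or event handlers inside a message become live markup in the viewer's page.
function renderMessagesUnsafe(messages) {
  return messages
    .map((m) => `<li class="msg" data-id="${m.id}">${m.text}</li>`)
    .join("");
}

// Encode the characters that carry meaning in HTML element content and
// double- or single-quoted attributes.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened pattern: every untrusted field is encoded for the context it lands
// in, and the id is forced to an integer before it reaches an attribute.
// In a browser the equivalent is building the <li> with document.createElement
// and assigning m.text to textContent instead of innerHTML.
function renderMessagesSafe(messages) {
  return messages
    .map((m) => {
      const id = Number.isInteger(m.id) ? m.id : 0;
      return `<li class="msg" data-id="${id}">${escapeHtml(m.text)}</li>`;
    })
    .join("");
}

// Simple check for a test or review step: count element tags in the rendered
// output. A correctly encoded list contains exactly two tags per message
// (<li> and </li>); any extra tag came from message content.
function countTags(html) {
  return (html.match(/<\/?[a-z]/gi) || []).length;
}

console.log(countTags(renderMessagesUnsafe(SAMPLE_MESSAGES))); // 7: one smuggled <img>
console.log(countTags(renderMessagesSafe(SAMPLE_MESSAGES)));   // 6: only the <li> pairs
```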
The exploitation script can capture messages, change email addresses and delete accounts. Shawar Khan posted the XSS exploit code on his GitHub account. Some users say the vulnerability has since been fixed, while others say the code still works. The full video is on Shawar Khan's site, so you can check it there.
This XSS vulnerability affects only users of the browser version; if you use Sarahah through the mobile app, you are not exposed to it. Before this, many people were already claiming that the app sells user data to advertising companies. The app reached millions of downloads in just a few days.