"Meetup Critical Flaws Allow 'Group' Takeover, Payment Theft"

Researchers at Checkmarx have disclosed several critical flaws in the popular online social service Meetup, all of which have now been fixed. Meetup is a platform used to find events and build groups based on similar interests. Exploitation of the flaws could have allowed attackers to take over any Meetup group, access members' details, and redirect Meetup payments to a PayPal account belonging to an attacker. One of the security flaws was a Cross-Site Scripting (XSS) vulnerability in Meetup's discussion feature. Another was a Cross-Site Request Forgery (CSRF) flaw on Meetup's Payments Received API endpoint. This article continues to discuss the security issues found in the Meetup platform.

Threatpost reports "Meetup Critical Flaws Allow 'Group' Takeover, Payment Theft"

Submitted by Anonymous on