OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover

An attack flow that combines API flaws within “log in with” implementations and Web injection bugs could affect millions of websites.