Hey, I found a clickjacking vulnerability in HootSuite.
Risk: Low
Steps to reproduce:
1. Make a new HTML file with the following code:
<html>
<head>
<title>Clickjack test page</title>
</head>
<body>
<iframe src="https://site.com" width="500" height="500"></iframe>
</body>
</html>
Instead of site.com, enter the site we want to test! If the site renders inside the frame when the file is opened in a browser, it can be framed by other pages.
They did not patch the bug, as they think that they don't have time to patch low-impact bugs!
But, I was listed in their Hall of Fame!
Link: https://hootsuite.com/security/
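
The iframe test above shows the result in a browser; the same answer can be read from the response headers a site sends. The following is an added example, not code from the original post or from HootSuite: it applies the browser's precedence rules for CSP `frame-ancestors` and `X-Frame-Options` to constructed sample headers, and the origins `app.example` and `tester.example` are hypothetical.

```javascript
// Decide whether a response may be rendered in an iframe on framingOrigin.
// Assumption: frame-ancestors sources are matched only as 'none', 'self', '*'
// or an exact origin; wildcard hosts and scheme-only sources are not handled.
function canBeFramed(headers, targetOrigin, framingOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  // 1. An enforced CSP frame-ancestors directive takes precedence over X-Frame-Options.
  const csp = h['content-security-policy'] || '';
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== 'frame-ancestors') continue;
    return sources.some((s) => {
      const src = s.toLowerCase();
      if (src === "'none'") return false;
      if (src === '*') return true;
      if (src === "'self'") return framingOrigin === targetOrigin;
      return src === framingOrigin.toLowerCase();
    });
  }
  // 2. X-Frame-Options: comma-separated, case-insensitive values.
  const xfo = new Set((h['x-frame-options'] || '').split(',')
    .map((v) => v.trim().toLowerCase()).filter(Boolean));
  const known = ['deny', 'sameorigin', 'allowall'];
  if (xfo.size > 1 && known.some((v) => xfo.has(v))) return false; // conflicting values
  if (xfo.size === 1) {
    if (xfo.has('deny')) return false;
    if (xfo.has('sameorigin')) return framingOrigin === targetOrigin;
  }
  // 3. No header, or an unrecognised value such as the obsolete ALLOW-FROM: frameable.
  return true;
}

// Constructed sample responses (not captured from any real site).
const TARGET = 'https://app.example';
const TEST_PAGE = 'https://tester.example';
const samples = {
  noHeaders: {},
  deny: { 'X-Frame-Options': 'DENY' },
  sameorigin: { 'X-Frame-Options': 'SAMEORIGIN' },
  allowFrom: { 'X-Frame-Options': 'ALLOW-FROM https://tester.example' },
  cspNone: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
  cspOverridesXfo: { 'X-Frame-Options': 'DENY', 'Content-Security-Policy': 'frame-ancestors https://tester.example' },
};
function report() {
  const out = {};
  for (const [name, hdrs] of Object.entries(samples)) out[name] = canBeFramed(hdrs, TARGET, TEST_PAGE);
  return out;
}
console.log(report());
```

A `true` result corresponds to the site loading inside the test page's iframe; sending `frame-ancestors 'none'` (or `'self'`) together with `X-Frame-Options: DENY` (or `SAMEORIGIN`) for older browsers turns it to `false`.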





