TikTok disclosed on HackerOne: Stored-XSS-ads.tiktok.com
A stored cross-site scripting (XSS) vulnerability was found on a TikTok Ads endpoint, making it possible for MP4 video files, or files with HTML or JS code to be executed in a user's browser. We thank @ahmed_xyz for reporting this to our team and confirming its remediation.
hackerone.com