Our research uncovered multiple critical vulnerabilities in Base44, an AI-powered platform that lets you turn any idea into a fully functional custom app. These flaws ranged from an open redirect that leaked access tokens, to stored cross-site scripting (XSS), insecure authentication design, sensitive data leakage, and client-side-only enforcement of premium features. Together, they represented a…
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2025/08/critical-flaws-in-base44-exposed-sensitive-data-and-allowed-account-takeovers/

