Supply‑Chain XSS in Mintlify Let Attackers Run JS on Discord, X, and More

Added Dec 19, 2025
Article sentiment: Neutral. Community sentiment: Positive / Mixed.

Daniel found a cross-site scripting flaw in Mintlify’s static asset endpoint that let attackers serve malicious SVGs through customers’ primary domains. Discord and other major companies using Mintlify were exposed to credential theft and account takeover via a single link. The team disclosed responsibly, coordinated fixes with Mintlify, and received about $11,000 in bounties.

Key Points

  • Mintlify’s /_mintlify/static/[subdomain]/[...route] endpoint allowed fetching static files from any Mintlify subdomain on a customer’s primary domain without enforcing a host match.
  • Although HTML/JS were blocked, SVG files were permitted; embedding JS in an SVG allowed XSS when the SVG was loaded directly, enabling credential theft and account takeover via a single link.
  • The initial markdown endpoint allowed cross-site file retrieval but returned non-executable markdown, pushing the researcher to inspect Mintlify’s CLI to find the exploitable static endpoint.
  • Discord reacted quickly: took docs offline for two hours, reverted to its old docs platform, and removed Mintlify routes; Mintlify collaborated rapidly to fix platform-wide issues.
  • This was a severe supply-chain vulnerability affecting many high-profile Mintlify customers; total bounty paid to the researchers was roughly $11,000.
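The two checks the Key Points describe, written as an added example (not Mintlify's code) in the form of a pure route-decision function for a path like /_mintlify/static/[subdomain]/[...route]: the vulnerable form accepts any Mintlify subdomain for any host and only blocks HTML and JS, while the hardened form requires the subdomain bound to the requesting host and serves SVGs under a sandboxing CSP so a directly opened SVG cannot run script on the customer's origin. The host-to-subdomain map and all names in it are constructed for illustration.

```javascript
// Constructed config: which Mintlify subdomain each customer host may proxy.
const HOST_TO_SUBDOMAIN = {
  "docs.example.com": "example",      // customer primary domain (constructed)
  "example.mintlify.app": "example",  // Mintlify-hosted alias (constructed)
};

// File types a static proxy should be willing to place on a customer origin.
const ALLOWED_EXT = new Set(["png", "jpg", "jpeg", "gif", "webp", "svg", "css", "woff2"]);

function extensionOf(route) {
  return route.split("?")[0].split(".").pop().toLowerCase();
}

// Vulnerable shape: no host match, so any tenant's files reach any host;
// only .html and .js are refused, and SVG (which may carry script) passes.
function decideVulnerable(host, subdomain, route) {
  const ext = extensionOf(route);
  if (ext === "html" || ext === "js") return { status: 403, headers: {} };
  return { status: 200, headers: {} };
}

// Hardened shape: the [subdomain] segment must be the one bound to the Host
// header, unknown file types are refused, and SVGs get a CSP sandbox so that
// opening the file as a top-level URL yields an opaque origin with scripts
// disabled. <img> rendering is unaffected because <img> never runs script.
function decideHardened(host, subdomain, route) {
  const bound = HOST_TO_SUBDOMAIN[String(host).toLowerCase()];
  if (!bound || bound !== subdomain) return { status: 404, headers: {} };
  const ext = extensionOf(route);
  if (!ALLOWED_EXT.has(ext)) return { status: 403, headers: {} };
  const headers = { "X-Content-Type-Options": "nosniff" };
  if (ext === "svg") {
    headers["Content-Type"] = "image/svg+xml";
    headers["Content-Security-Policy"] = "sandbox";
  }
  return { status: 200, headers };
}

// Stand-alone demonstration: the cross-tenant SVG fetch that the vulnerable
// check allows is refused by the hardened one.
console.log(decideVulnerable("docs.example.com", "other-tenant", "logo.svg").status); // 200
console.log(decideHardened("docs.example.com", "other-tenant", "logo.svg").status);   // 404
```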

Sentiment

The community largely agrees the vulnerability was serious and the disclosure was impressive, especially coming from a 16-year-old researcher. However, there is genuine debate — led by credentialed security experts — about the real-world exploitability and market value of XSS compared to higher-severity bugs. The discussion is technical and constructive, with the community agreeing on the architectural lesson (don't host third-party code on your primary domain) even while debating the severity and bounty fairness.

In Agreement

  • The $4,000 bounty from Discord was woefully inadequate for a vulnerability enabling JavaScript execution on discord.com's full origin, with access to auth tokens and the ability to impersonate millions of users
  • Discord made a critical architectural error by hosting Mintlify documentation directly at discord.com/_mintlify rather than isolating it on a separate subdomain or domain, violating the browser's same-origin security model
  • SVG files are inherently dangerous for content-serving contexts because they can contain executable JavaScript that runs when opened directly as a URL — Mintlify's static file server should never have served SVGs from customer documentation onto primary customer domains
  • This is a systemic supply-chain risk: any company hosting Mintlify docs on their primary domain was equally vulnerable, including financial institutions like Fidelity and Coinbase
  • Discord storing auth tokens in localStorage rather than HTTP-only cookies compounded the severity, making token theft trivially easy via XSS

Opposed

  • tptacek and others argue XSS vulnerabilities have minimal grey/black market value — they require social engineering to get a target to click a malicious link, lack the persistent exploitability of RCE, and confuse 'selling a vulnerability' with 'planning a heist'
  • Some security professionals consider $4,000 a fair or even generous bounty for a reflected XSS requiring user interaction, pointing to historical precedents of lower payouts for similar bugs
  • The 'supply chain attack' framing is disputed — several commenters argue this is a classic server-side XSS flaw in Mintlify's own code, not a compromised dependency in the traditional sense
  • Proper CSP headers on affected sites would have blocked arbitrary JavaScript execution, meaning some of the blamed companies could have protected themselves independently of Mintlify's bug
  • HTTP-only cookies do provide meaningful reduction in XSS impact even if they don't eliminate all attack vectors
Supply‑Chain XSS in Mintlify Let Attackers Run JS on Discord, X, and More | TD Stuff