Supply‑Chain XSS in Mintlify Let Attackers Run JS on Discord, X, and More

Daniel found a cross-site scripting flaw in Mintlify’s static asset endpoint that let attackers serve malicious SVGs through customers’ primary domains. Discord and other major companies using Mintlify were exposed to credential theft and account takeover via a single link. The team disclosed responsibly, coordinated fixes with Mintlify, and received about $11,000 in bounties.
Key Points
- Mintlify’s /_mintlify/static/[subdomain]/[...route] endpoint allowed fetching static files from any Mintlify subdomain on a customer’s primary domain without enforcing a host match.
- Although HTML and JS files were blocked, SVG files were permitted; an SVG with embedded JavaScript executed as XSS on the customer's primary origin when loaded directly, enabling credential theft and account takeover via a single link.
- The initial markdown endpoint allowed cross-site file retrieval but returned non-executable markdown, pushing the researcher to inspect Mintlify’s CLI to find the exploitable static endpoint.
- Discord reacted quickly: took docs offline for two hours, reverted to its old docs platform, and removed Mintlify routes; Mintlify collaborated rapidly to fix platform-wide issues.
- This was a severe supply-chain vulnerability affecting many high-profile Mintlify customers; total bounty paid to the researchers was roughly $11,000.
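The two defensive checks the Key Points imply, as an added illustration that is not Mintlify's or Discord's code: a static-asset proxy of the shape `/_mintlify/static/[subdomain]/[...route]` (the only detail taken from the write-up) should refuse to serve a subdomain's files on a host that does not own that subdomain, and should never serve script-capable SVG on the primary origin. The customer mapping, function names and header choices are assumptions made for this example.

```python
"""Hypothetical host-match and SVG handling for a tenant static-asset endpoint.

Illustrative code written for this summary; not the platform's implementation.
"""
import re
from dataclasses import dataclass, field

# Constructed mapping: which tenant subdomain each customer primary domain is
# allowed to proxy. A real deployment would look this up from tenant config.
CUSTOMER_DOMAINS = {
    "docs.example-customer.com": "example-customer",
}

# File types that are always refused on the primary origin.
ACTIVE_EXTENSIONS = {"html", "htm", "js", "mjs"}

# Markers of script-capable content inside an SVG document.
_SVG_ACTIVE_PATTERNS = [
    re.compile(r"<\s*script\b", re.I),                 # <script> elements
    re.compile(r"\son[a-z]+\s*=", re.I),               # onload=, onclick=, ...
    re.compile(r"\bhref\s*=\s*[\"']\s*javascript:", re.I),
    re.compile(r"<\s*foreignObject\b", re.I),          # can wrap HTML content
]


@dataclass
class Decision:
    status: int
    reason: str
    headers: dict = field(default_factory=dict)


def host_matches_subdomain(host: str, subdomain: str) -> bool:
    """The missing check: only the tenant that owns `host` may be proxied on it."""
    expected = CUSTOMER_DOMAINS.get(host.lower())
    return expected is not None and expected == subdomain.lower()


def svg_has_active_content(body: bytes) -> bool:
    """Flag SVGs that could run script if navigated to directly."""
    text = body.decode("utf-8", errors="replace")
    return any(p.search(text) for p in _SVG_ACTIVE_PATTERNS)


def decide_static_request(host: str, subdomain: str, route: str, body: bytes) -> Decision:
    """Decide whether /_mintlify/static/<subdomain>/<route> may be served on `host`."""
    if not host_matches_subdomain(host, subdomain):
        return Decision(403, "subdomain is not owned by this host")

    ext = route.rsplit(".", 1)[-1].lower() if "." in route else ""
    if ext in ACTIVE_EXTENSIONS:
        return Decision(403, "active content types are not served on the primary origin")

    headers = {"X-Content-Type-Options": "nosniff"}
    if ext == "svg":
        if svg_has_active_content(body):
            return Decision(403, "SVG contains script-capable content")
        headers.update({
            "Content-Type": "image/svg+xml",
            # Applies when the SVG is opened as a document: no script, opaque origin.
            "Content-Security-Policy": "sandbox; script-src 'none'",
            # Ignored by <img>, but turns a direct navigation into a download.
            "Content-Disposition": "attachment",
        })
    return Decision(200, "ok", headers)


if __name__ == "__main__":
    clean = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="1"/></svg>'
    print(decide_static_request("docs.example-customer.com", "other-tenant", "logo.svg", clean))
    print(decide_static_request("docs.example-customer.com", "example-customer", "logo.svg", clean))
```

The first check alone would have prevented the cross-tenant serving described above; the SVG handling is defence in depth for a tenant's own uploads, since an `<img>`-loaded SVG never runs script but a directly navigated one does.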
Sentiment
The overall sentiment is a mix of admiration for the researchers, significant concern about the security posture of modern web platforms, and strong criticism of the low bug bounty payouts. Many users are frustrated by what they see as companies neglecting fundamental security practices and devaluing the work of ethical hackers. There is a cynical view of the incentives in the security and tech industry, with general agreement that such vulnerabilities are common and often inadequately rewarded.
In Agreement
- The exploit is serious, easily abused, and could lead to complete account takeover, credential theft, and API misuse across major platforms like Discord (superasn, notnullorvoid, hackermondev, s_ting765).
- SVG files' ability to embed and execute scripts is a fundamental security flaw that often leads to vulnerabilities when treated as 'dumb images' (dllu, poorman, lelandfe, exceptione, orliesaurus).
- Serving less-trusted third-party content (like docs) from a primary domain, especially without strict isolation or CSP, is a critical architectural mistake that enables severe XSS impact (bri3d, tick_tock_tick, odensc, __float).
- Modern web development, particularly involving complex dependency stacks and reliance on third-party services, is inherently fragile and prone to such widespread supply-chain issues (tptacek, llmslave2, da_grift_shift).
- Many companies prioritize 'moving fast' and features over robust security hardening, leading to preventable vulnerabilities (lrvick, mihaaly, doganugurlu, ta1999).
Opposed
- The bug bounty payouts, particularly Discord's $4,000, are considered 'pathetic,' 'a slap in the face,' and insufficient given the severity of the vulnerability and its potential impact on millions of users (superasn, snvzz, PenguinCoder, padjo, dfedbeef, normie3000, tuesdaynight, jijijijij, finghin, oxandonly).
- Some argue that the black market value for XSS vulnerabilities is low or non-existent, as they are time-sensitive, easily patched, and don't fit the 'operationalized exploit' model favored by high-paying buyers (tptacek, arcwhite, mpeg, 0x3f).
- The exploit requires user interaction (clicking a crafted link), which limits its widespread, automated impact compared to zero-click RCE vulnerabilities (mpeg, 0x3f, rainonmoon).
- While serious, some commenters questioned the classification of this specific XSS as a 'supply-chain attack,' viewing it more as a classic XSS facilitated by a third-party service (Illniyar, bink, whimsicalism).
- The article's claims about 'account takeover' lacked initial technical clarity, particularly regarding HTTP-only cookies and specific authentication token storage (jdsleppy, rainonmoon, bangaladore). (However, Daniel later clarified that Discord stored tokens in local storage).