Critical stored XSS vulnerability in Instagram’s Spark AR Studio nets 14-year-old researcher $25,000

A 14-year-old ethical hacker has netted a $25,000 bug bounty after the discovery of a critical stored cross-site scripting (XSS) vulnerability in Instagram’s Spark AR Studio.