|
|
|
|
|
|
by haste410
2494 days ago
|
|
|
This is mentioned in the article along with a way for spammers to get around it. "There is an option that states “No, only show invitations to which I have responded”. This prevents the first method of injecting events from working. However, BHIS found that it is possible to set the target’s response status to “Accepted” using the Google API. This effectively bypasses this security setting." |
|
|