Redbrick Shift up to and including 3.4.3 allows an malicious user to extract authentication tokens of services (such as Gmail, Outlook, etc.) used in the application.
rdbrck shift