
Wouldn't a similar vulnerability be present in most SaaS platforms? All of them include tons of analytics scripts on their website. If you are a logged-in user, your session presumably includes a token (encrypted cookie?) to use the SaaS API.

Therefore, in theory, other scripts loaded on the page could grab the token and make authenticated API calls as well? Although I guess this is mitigated by verifying script integrity when loading scripts from a CDN (e.g. the integrity attribute of the script tag)?



There are a few approaches, but yes, one thing I hope to do by publishing this is to draw attention to the problem of third-party JavaScript scripts running in a privileged environment and not on e.g. the marketing page.
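
The `integrity` attribute mentioned in the first comment can be audited mechanically; the following is an added example, not code from the thread or from any product discussed, that lists the cross-origin scripts on a logged-in page that Subresource Integrity does not pin. `SAMPLE_HTML`, the `.example` hosts, the digest and the function names are constructed for illustration.

```javascript
// Added example. SAMPLE_HTML, the hosts and the digest are constructed placeholders.
const SAMPLE_HTML = `
<script src="/static/app.js"></script>
<script src="https://cdn.analytics.example/a.js"></script>
<script src="https://cdn.widgets.example/w.js"
        integrity="sha384-CONSTRUCTEDPLACEHOLDERDIGEST" crossorigin="anonymous"></script>
<script src="https://cdn.chat.example/c.js" integrity="md5-abc"></script>
<script>window.boot = true;</script>
`;

// Parse the attributes of one opening tag into a map keyed by lower-cased name.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([\w-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// Return one finding per cross-origin <script src> that SRI does not pin.
function auditScripts(html, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const findings = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const attrs = parseAttrs(tag);
    if (!attrs.src) continue; // inline script: part of the page itself
    const src = new URL(attrs.src, pageUrl);
    if (src.origin === pageOrigin) continue; // first-party file
    const hashes = (attrs.integrity || '').split(/\s+/).filter(Boolean);
    // Browsers only honour sha256/sha384/sha512; anything else is ignored.
    const pinned = hashes.some((h) => /^sha(256|384|512)-/.test(h));
    if (!pinned) {
      const issue = hashes.length ? 'unsupported-hash' : 'no-integrity';
      findings.push({ src: src.href, issue });
    } else if (!('crossorigin' in attrs)) {
      // Without a CORS request the browser cannot check the hash and blocks the script.
      findings.push({ src: src.href, issue: 'missing-crossorigin' });
    }
  }
  return findings;
}

console.log(auditScripts(SAMPLE_HTML, 'https://app.example/dashboard'));
```

A pinned script still executes with the page's full privileges: the hash fixes the file's content, not what that content is allowed to read or call.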



