Twitter lite(Android): Vulnerable to local file steal, Javascript injection, Open redirect

Cross Site Scripting (XSS)

com.twitter.android.lite.TwitterLiteActivity is set to exported and doesn't validate data pass to intent due to which this activity vulnerable to steal users local files, javascript injection and open redirect.

https://hackerone.com/reports/499348