XSS in Meta API Gateway Leads to Zero-Click Account Takeover [$300k Bounty] | Dark Hacker News