[Bug]: dm any people without being friends with

[Neqkoo]

Checked Existing

• I have checked the repository for duplicate issues.

What happened?

Recently, I found out a bug on the juxt website where you can dm people a blank message without being friends with, by simply going to a random dm, go to the post container, and then changing the pid of the person that you're messaging with to another person pid

I don't know and not sure if this works all the time, and if it can be abusable or not

What did you expect to happen?

I sometimes mess around to find any bugs to report them, I expected this one to fail, but it did not

Steps to reproduce?

[https://www.youtube.com/watch?v=bawTY0sHypA](url)

Other relevant information. (OPTIONAL)

No response

[jonbarrow]

For exploits like this please use the appropriate channels. We have an actual dedicated section for exploits. Things like this should not be report as public bugs, please use https://github.com/PretendoNetwork/juxtaposition-ui/security/advisories/new

[ExperiencersInternational]

For exploits like this please use the appropriate channels. We have an actual dedicated section for exploits. Things like this should not be report as public bugs, please use https://github.com/PretendoNetwork/juxtaposition-ui/security/advisories/new

It's not the OP's fault here, they originally posted this on Discord support and I advised them to report it on the GitHub as a bug since I didn't feel like it was a vulnerability (but I was clearly mistaken, can send you the original thread if you want).

Can confirm that we privately tested this though