Remote user impersonation and takeover
github.com
### Summary Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is vulnerable, as well as...

If your instance is not up to date (see footer), you can pass this along to your admins to check