Our Security Researcher found a vulnerability in a parameter in a URL in the address bar of the browser. Read more about how he did it, and how he was able to exploit it to carry out a few harmless changes.