Author
Frans Rosén
Word count
841

Summary

Security researcher Frans Rosén found a stored cross-site scripting (XSS) vulnerability on Facebook while originally looking for flaws in Dropbox. Dropbox can sync files to Facebook, and by giving a file a specially crafted name and syncing it across, Rosén got Facebook's share feature to render the file name without escaping it, so the payload executed as script. The first version required user interaction (a victim had to use the share feature on the file). He later found a specific URL that executed the payload on page load with no interaction at all, which turns a limited flaw into one that can be triggered against anyone who visits a link. Rosén reported the issue to Facebook, which confirmed it was a broader problem of improperly escaped file names rather than a single bad page, fixed it promptly, and awarded him a bug bounty.
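The root cause in the summary above is a file name inserted into HTML without escaping. The following is an added example (not code from Facebook, Dropbox or the original post) showing the vulnerable pattern beside the fix. The file name, the share template and the function names are all constructed for illustration.

```javascript
// Added example: stored XSS via an unescaped file name, and the fix.
// Constructed attacker-controlled file name (not from the original post).
const FILE_NAME = '<img src=x onerror="alert(document.domain)">.txt';

// Vulnerable: interpolates the attacker-controlled name straight into markup,
// so any tag inside the name becomes part of the page.
function renderShareVulnerable(fileName) {
  return `<div class="share">Share "${fileName}" on your timeline?</div>`;
}

// Minimal HTML escaper for text content: the five characters that can
// break out of a text node or a quoted attribute value.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Fixed: the same template, but the untrusted name is escaped first.
function renderShareFixed(fileName) {
  return `<div class="share">Share "${escapeHtml(fileName)}" on your timeline?</div>`;
}

// Check used to demonstrate the difference: after stripping the template's own
// wrapper element, does any tag remain in the output?
function containsInjectedTag(html) {
  const inner = html.replace(/^<div class="share">/, '').replace(/<\/div>$/, '');
  return /<[a-zA-Z]/.test(inner);
}

// In a real browser UI the safer choice is to avoid building HTML strings at
// all: element.textContent = fileName never parses the value as markup.
if (typeof require !== 'undefined' && require.main === module) {
  console.log('vulnerable:', renderShareVulnerable(FILE_NAME));
  console.log('fixed:     ', renderShareFixed(FILE_NAME));
}
```

The escaped output keeps the name readable to the user while the browser sees only text. The same escaping has to be applied in every place the name is rendered; the summary notes that Facebook's fix had to cover file-name escaping broadly, not just the one share page.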