Any person with a mailbox in a company using Office 365 could exploit this vulnerability to obtain full Administrative permissions over their entire company’s Office 365 environment using just a few lines of JavaScript Office 365 Vulnerability Allowed Unauthorized Administrator Access. It’s been fixed now 🙂