Authenticated reflected XSS on liberapay.com via the back_to parameter when leaving a team.

Disclosed: 2018-06-02 13:18:47 By techguynoob To liberapay
Low
Vulnerability Details
### PoC

<https://en.liberapay.com/jio/membership/leave?back_to=http://example.com/>

Click the cancel button; it redirects to a 3rd-party site.

Regards,
techguy

## Impact

This vulnerability could redirect users to the attacker's websites for phishing attacks.
Report Stats
  • Report ID: 360797
  • State: Closed
  • Substate: resolved
  • Upvotes: 16
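The following is an added example, not part of the report and not Liberapay's actual fix: one way to validate a `back_to` value before it is placed in a Cancel link, so that only absolute paths on the same site survive and the value is escaped for the `href` attribute. The names `safe_back_to` and `cancel_link` and the link markup are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit

# Characters browsers strip or normalise inside URLs; reject them outright.
_FORBIDDEN = set("\\ \t\r\n\x00")


def safe_back_to(value, default="/"):
    """Return value only if it is an absolute path on this site, else default.

    Hypothetical helper, not Liberapay's code.
    """
    if not isinstance(value, str) or not value:
        return default
    if any(ch in _FORBIDDEN or ord(ch) < 0x20 for ch in value):
        return default
    # "/path" is allowed; "//host" is scheme-relative and leaves the site.
    if not value.startswith("/") or value.startswith("//"):
        return default
    parts = urlsplit(value)
    # Defence in depth: the parser must also see no scheme and no host.
    if parts.scheme or parts.netloc:
        return default
    return value


def cancel_link(back_to):
    """Render the Cancel link (hypothetical markup) with an escaped href."""
    href = html.escape(safe_back_to(back_to), quote=True)
    return '<a href="%s">Cancel</a>' % href


# Constructed sample values; the first is the one from the report's PoC.
SAMPLES = [
    "http://example.com/",
    "//example.com/",
    "/\\example.com/",
    "javascript:alert(1)",
    "/jio/",
    "/jio/?tab=members",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", safe_back_to(s))
```

The allow-list rejects anything that is not a single-slash path instead of trying to enumerate bad schemes, which is why the `javascript:` and scheme-relative samples fall back to the default without special cases.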