Open ghost opened 4 years ago
Hello, I was doing a bug bounty for a company and stumbled upon an open redirect on the login page ~
User should be notified that they are leaving domain or shouldn't be redirected at-all. / Instead user gets redirected without any confirmation or notice. Portswigger refrence on open redirect: https://portswigger.net/kb/issues/00500100_open-redirection-reflected
Version: 2.8.2
Hello, I was doing a bug bounty for a company and stumbled upon an open redirect on the login page ~
Steps to reproduce:
Results (Expected/Actual):
User should be notified that they are leaving domain or shouldn't be redirected at-all. / Instead user gets redirected without any confirmation or notice. Portswigger refrence on open redirect: https://portswigger.net/kb/issues/00500100_open-redirection-reflected
Environment
Version: 2.8.2