Liberapay: Authenticated reflected XSS on liberapay.com via the back_to parameter when leaving a team.

2018-06-01T13:46:52
ID H1:360797
Type hackerone
Reporter techguynoob
Modified 2018-06-02T13:18:47

Description

PoC:

<https://en.liberapay.com/jio/membership/leave?back_to=http://example.com/>

Click the cancel button; it redirects to a third-party site.

Regards, techguy

Impact

This vulnerability could redirect users to the attacker's websites for phishing attacks.
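The PoC above shows the cancel link on the leave-membership page honouring an attacker-supplied absolute URL in back_to. The usual fix is to validate that parameter server-side before it is echoed into a link or a Location header. The following is an added example written for this page, not Liberapay's own code: ALLOWED_HOSTS, safe_back_to and cancel_target are hypothetical names, and the host allow-list is an assumption. It reduces any absolute URL on an allowed host to its path, rejects everything else (foreign hosts, scheme-relative "//host" URLs, backslash and whitespace tricks that browsers and Python's parser treat differently, non-http schemes) and falls back to a fixed same-origin default.

```python
from urllib.parse import parse_qs, urlsplit, urlunsplit

# Hypothetical allow-list of hosts the application is served from (assumption,
# not Liberapay's configuration).
ALLOWED_HOSTS = {"liberapay.com", "en.liberapay.com", "fr.liberapay.com"}
DEFAULT_BACK_TO = "/"


def safe_back_to(value, default=DEFAULT_BACK_TO):
    """Return a redirect target that stays on this site, or `default`.

    The vulnerable pattern is simply `return value`: whatever arrived in
    back_to is echoed into the cancel link, so "http://example.com/" leaves
    the site. This function only ever returns a root-relative path.
    """
    if not value:
        return default
    # Leading/trailing whitespace and control characters let a URL be parsed
    # one way here and another way by the browser; reject them outright.
    if value != value.strip() or any(ord(c) < 0x20 for c in value):
        return default
    # Browsers treat "\" as "/" in http(s) URLs, so "/\evil.com" and
    # "https://evil.com\@en.liberapay.com/" end up on evil.com even though
    # urlsplit() reports a different host. Refuse backslashes everywhere.
    if "\\" in value:
        return default

    parts = urlsplit(value)
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative ("//host/...") URL. Accept only http(s)
        # on one of our own hosts, and even then keep just the path so the
        # response never carries a full URL back out.
        if parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS:
            return urlunsplit(("", "", parts.path or "/", parts.query, parts.fragment))
        return default

    # Relative target: must be root-relative and must not start with "//"
    # (already caught above via netloc, kept as defence in depth).
    if not value.startswith("/") or value.startswith("//"):
        return default
    return value


def cancel_target(request_url):
    """What the cancel button should point at for a given request URL."""
    query = parse_qs(urlsplit(request_url).query)
    return safe_back_to(query.get("back_to", [""])[0])


if __name__ == "__main__":
    # The report's PoC URL: the cancel link now stays on "/" instead of
    # leaving for example.com.
    poc = "https://en.liberapay.com/jio/membership/leave?back_to=http://example.com/"
    print(cancel_target(poc))
    print(safe_back_to("https://en.liberapay.com/jio?x=1"))
```

Rewriting allowed absolute URLs down to a path (rather than accepting them verbatim) also covers the "our host as a prefix" variants such as en.liberapay.com.evil.com, since only an exact hostname match survives and the host component is never reused in the output.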