Adobe: Open redirect and reflected XSS in [payload her]

ID H1:50379
Type hackerone
Reporter nijagaw
Modified 2015-05-20T17:48:29


Hi, there is an XSS vulnerability and an open redirect vulnerability in the return_url parameter for the following component: If a user tries to register or log in after following this URL: he will be redirected to Google or will trigger the XSS vulnerability.

Please see the poc videos below:

I would use this vulnerability to steal users' session tokens or to redirect them to a fake login page where I could steal their passwords. Please let me know what you think and if you need more details.

Kind regards,
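
A server-side check for the `return_url` class of bug described in this report, as an added example (not code from the report or from the vendor). `APP_ORIGIN`, `safeReturnUrl`, `escapeHtmlAttr` and `continueLink` are hypothetical names, and the sample inputs in the comments are constructed.

```javascript
// Added example: validate a post-login return_url and encode it on output.
// APP_ORIGIN is an assumed value; replace it with the site's real origin.
const APP_ORIGIN = "https://app.example.com";
const FALLBACK = "/";

// Returns a same-site path to redirect to, or FALLBACK if the input is unsafe.
function safeReturnUrl(raw) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) {
    return FALLBACK;
  }
  // Reject control characters and backslashes: URL parsers strip tabs and
  // newlines and treat "\" as "/", so the string checks below could be fooled.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return FALLBACK;
  // Accept only site-relative paths. This excludes absolute URLs,
  // scheme-only values such as "javascript:", and protocol-relative "//host".
  if (!raw.startsWith("/") || raw.startsWith("//")) return FALLBACK;

  let url;
  try {
    url = new URL(raw, APP_ORIGIN); // same parsing rules a browser applies
  } catch {
    return FALLBACK;
  }
  // Defense in depth: the resolved target must stay on our own origin.
  if (url.origin !== APP_ORIGIN) return FALLBACK;
  // Rebuild from parsed parts so the value is normalized and percent-encoded.
  return url.pathname + url.search + url.hash;
}

// Encode for an HTML attribute so a reflected value cannot close the attribute.
function escapeHtmlAttr(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Where the login page reflects the value into markup, validate then encode.
function continueLink(raw) {
  return `<a href="${escapeHtmlAttr(safeReturnUrl(raw))}">Continue</a>`;
}

// Constructed inputs:
//   safeReturnUrl("/account/profile?tab=1#top")  keeps the path
//   safeReturnUrl("https://www.google.com/")     falls back to "/"
//   safeReturnUrl("//www.google.com/")           falls back to "/"
```

The redirect handler would pass the validated value to its `Location` header, and any template that reflects the parameter would go through `continueLink` or an equivalent context-aware encoder.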