The hacker submitted open redirect vulnerability in one of our payment method flows. The vulnerability could have been also used to perform XSS attack.
write-up: https://medium.com/@ahmadbrainworks/bug-bounty-how-i-earned-550-in-less-than-5-minutes-open-redirect-chained-with-rxss-8957979070e5