An attacker can break out of the meta tag because the double quote in the
$redirectUrl parameter is not escaped when logging out.
https://<server>/demo/api/logout?redirect_to=/asdf"><iframe onload=alert(document.domain)>
Through this vulnerability, an attacker can execute malicious scripts.
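
The flaw and one way to fix it, as an added example that is not taken from the project's code. The function names and the exact meta-refresh markup are assumptions; the sample input is the redirect_to value from the URL above.

```php
<?php
// Added illustration: hypothetical function names and assumed markup,
// not the project's own code.

// Pattern described in the report: the value lands inside a double-quoted
// attribute without escaping, so a '"' in the input closes the attribute.
function renderRedirectUnsafe(string $redirectUrl): string
{
    return '<meta http-equiv="refresh" content="0;url=' . $redirectUrl . '">';
}

// Accept only a same-site, slash-rooted path; anything else falls back.
function safeRedirectTarget(string $redirectUrl, string $fallback = '/'): string
{
    // Control characters and backslashes have no place in a redirect path.
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $redirectUrl)) {
        return $fallback;
    }
    // Must start with exactly one '/', which excludes "//host" and
    // scheme-based values such as "javascript:".
    if ($redirectUrl === '' || $redirectUrl[0] !== '/'
        || strncmp($redirectUrl, '//', 2) === 0) {
        return $fallback;
    }
    return $redirectUrl;
}

// Hardened form: validate the target, then escape it for the HTML
// attribute context so quotes and angle brackets stay inert.
function renderRedirectSafe(string $redirectUrl): string
{
    $target = htmlspecialchars(
        safeRedirectTarget($redirectUrl),
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
    return '<meta http-equiv="refresh" content="0;url=' . $target . '">';
}

// Sample input: the redirect_to value from the report's URL.
$input = '/asdf"><iframe onload=alert(document.domain)>';

echo renderRedirectUnsafe($input), PHP_EOL; // attribute is closed early
echo renderRedirectSafe($input), PHP_EOL;   // value stays inside content=""
```

Validation and escaping address different problems: the path check stops open redirects and script-scheme URLs, while htmlspecialchars keeps the value from leaving the attribute.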