Starbucks: Reflected XSS on card.starbucks.com.sg/unsub.php via the 'ct' Parameter
gnux discovered a reflected XSS in https://card.starbucks.com.sg/unsub.php due to an unsanitized user-input via the ct parameter. @gnux— thank you for reporting this vulnerability and confirming the resolution...