Razer US: Unauthenticated DOM-based XSS in pay.zvault.razerzone.com via the redir parameter.

Summary --- pay.zvault.razerzone.com is vulnerable to DOM-based XSS via the redir parameter. F219069 F219070 Affected Code --- js var redirectUrl = getUrlParameter'redir' // window.location.href; //alertredirectUrl; if isCrossOriginFrame window.location.href = redirectUrl; else...