3 matches found
Gratipay: URL Given leading to end users ending up in malicious sites
Hi, I found a design issue in the profile statement for the registered user. This is dependent on the end user, however. In the profile statement, one can write something, and giving links is allowed as well. This, I think, is by design. However, let us suppose the authenticated user creates a website o...
Gratipay: Cross Site Scripting In Profile Statement
Hey Sir, I have found Cross Site Scripting (XSS) vulnerabilities in updating the profile statement. This is an advanced XSS script; you can see it in XSS-Gratipay.txt. You can also see it live here: https://gratipay.com/MuhaddiMu/ Steps to produce: 1. Log in to your account. 2. Click on Edit Statement. 3. Copy and...
Gratipay: prevent %2f spoofed URLs in profile statement
https://gratipay.com%[email protected] On clicking on this URL, this link will take the user to google.com or any other malicious URL. On seeing it, it will look like the link will take the user to Gratipay, but on clicking the URL it will redirect to the malicious site. An attacker, with the help of social engineering techniques...