FirstBlood-#1283 — Reflected XSS on /book-appointment.html endpoint in the `redirect url` parameter
This issue was discovered on FirstBlood v3
On 2022-12-09, mr_xhunt reported:
I found the endpoint `/book-appointment.html` used to redirect to `/book-appointment.php`, so I used the `redirect_url` parameter found already and with simple js payload got the xss
Steps to Reproduce:
The attacker can leak the user's cookie and take over their account.
`redirect_url` value is accepted without sanitization.
The parameter value must be sanitized before redirect.
FirstBlood ID: 46
Vulnerability Type: Reflective XSS
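
One way to apply the fix the report asks for, as an added example that is not FirstBlood's code: resolve the `redirect_url` value against the site's own origin and navigate only to same-origin http(s) targets, which generalises beyond the single payload in the report. It assumes the redirect is performed in client-side JavaScript; `safeRedirectTarget`, `SITE_ORIGIN` and `FALLBACK` are hypothetical names with constructed values.

```javascript
// Added example: allow-list validation of a redirect_url value before navigating.
// SITE_ORIGIN and FALLBACK are constructed values; safeRedirectTarget is a hypothetical helper.
const SITE_ORIGIN = "https://firstblood.example";
const FALLBACK = "/book-appointment.php";

function safeRedirectTarget(raw, origin = SITE_ORIGIN, fallback = FALLBACK) {
  if (typeof raw !== "string" || raw.length === 0) return fallback;
  // URL parsers strip control characters and treat "\" like "/", which can
  // change the scheme or host after a naive string check; refuse them outright.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return fallback;

  let url;
  try {
    url = new URL(raw, origin); // relative paths resolve against our own origin
  } catch {
    return fallback;            // unparseable input never reaches the navigation
  }

  // Only http(s) may be navigated to; script-capable schemes are dropped here.
  if (url.protocol !== "https:" && url.protocol !== "http:") return fallback;
  // Same-origin only: covers absolute URLs and scheme-relative "//host" forms.
  if (url.origin !== origin) return fallback;

  // Return a path-only value so the caller cannot be steered off-site.
  return url.pathname + url.search + url.hash;
}

// Constructed sample inputs showing what is kept and what falls back.
const samples = [
  "/book-appointment.php?doctor=3",
  "https://firstblood.example/login.php#top",
  "javascript:alert(1)",
  "//other.example/landing",
  "http://firstblood.example/downgrade",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", safeRedirectTarget(s));
}
```

The caller assigns the returned value to `location.href`; the raw parameter is never written into the page or passed to a navigation API directly.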