FirstBlood-#219DOM XSS
This issue was discovered on FirstBlood v1

On 2021-05-12, smhtahsin33 Level 3 reported:

Hello, Found a DOM xss on /register.php

Steps To Reproduce:

  1. Visit;
  2. Click on Return to previous page
  3. The alert will pop up :D

Impact: Javascript Code Execution

P3 Medium

Endpoint: /register.php

Parameter: ?ref=

Payload: javascript:confirm();

FirstBlood ID: 16
Vulnerability Type: Reflective XSS

The parameter "ref" is vulnerable to XSS on register.php. The developers failed to filter javascript: when used on "return to previous page"