Open Redirect in erudika/scoold

Valid

Reported on Dec 22nd 2021

Description

Hi erudika scoold team, there is an open redirect in your source code at the question URL.

Proof of Concept

  1. Go to this link https://pro.scoold.com/questions/space?returnto=https://google.com
  2. Observe that you are redirected to google.com

Impact

This vulnerability is capable of Open redirect.

We are processing your report and will contact the erudika/scoold team within 24 hours. (a month ago)
We have contacted a member of the erudika/scoold team and are waiting to hear back. (a month ago)
We have sent a follow up to the erudika/scoold team. We will try again in 7 days. (a month ago)
Alex Bogdanovski validated this vulnerability. (a month ago)
xiviu has been awarded the disclosure bounty.
The fix bounty is now up for grabs.
Alex Bogdanovski confirmed that a fix has been merged on 6b9543. (a month ago)
Alex Bogdanovski has been awarded the fix bounty.
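
A server-side check for the `returnto` value from the proof of concept, shown as an added example that is not Scoold's code and not the merged fix: it accepts only local paths on the same site and otherwise falls back to a default page. The class name, method name, fallback path and sample inputs are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class ReturnToCheck {

    /** Returns returnto only if it is a local path on this site; otherwise fallback. */
    static String safeReturnTo(String returnto, String fallback) {
        if (returnto == null || returnto.isEmpty()) {
            return fallback;
        }
        // Must be a single-slash absolute path: rejects "https://...", "//host" and "/\host".
        if (returnto.charAt(0) != '/' || returnto.startsWith("//") || returnto.startsWith("/\\")) {
            return fallback;
        }
        // Control characters (CR, LF, tab) have no place in a redirect target.
        if (returnto.chars().anyMatch(Character::isISOControl)) {
            return fallback;
        }
        try {
            URI uri = new URI(returnto);
            // A local path parses with no scheme and no authority (host).
            if (uri.isAbsolute() || uri.getRawAuthority() != null) {
                return fallback;
            }
        } catch (URISyntaxException e) {
            return fallback;
        }
        return returnto;
    }

    public static void main(String[] args) {
        String fallback = "/questions"; // assumed default landing page
        String[] samples = {            // constructed inputs
            "https://google.com",       // value used in the proof of concept
            "//google.com",
            "/\\google.com",
            "/questions/space?page=2",
            "/questions\r\nspace"
        };
        for (String s : samples) {
            // Mask control characters so the output stays on one line per sample.
            System.out.println(s.replaceAll("\\p{Cntrl}", "?") + " -> " + safeReturnTo(s, fallback));
        }
    }
}
```

Only `/questions/space?page=2` is returned unchanged; every other sample resolves to the fallback path.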