Open Redirect in erudika/scoold

Valid

Reported on Dec 22nd 2021


Description

Hi erudika scoold team, there is an open redirect in your source code at the question URL.

Proof of Concept

  1. Go to this link https://pro.scoold.com/questions/space?returnto=https://google.com
  2. Observe that you are redirected to google.com

Impact

This vulnerability is capable of Open redirect.
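A server-side check for the `returnto` parameter shown in the proof of concept, as an added example. It is not Scoold's code and not the fix from commit 6b9543. The class and method names and the fallback target are hypothetical, and it assumes `returnto` should only ever point to a path on the same site.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Hypothetical helper, not Scoold's code: accepts only same-site relative paths.
public final class ReturnToValidator {
    private static final String DEFAULT_TARGET = "/"; // assumed fallback page

    public static String safeReturnTo(String returnTo) {
        if (returnTo == null || returnTo.isEmpty() || returnTo.charAt(0) != '/') {
            return DEFAULT_TARGET; // absolute URLs such as https://google.com end here
        }
        // "//host" is scheme-relative, and browsers read "/\host" the same way.
        if (returnTo.length() > 1 && "/\\".indexOf(returnTo.charAt(1)) >= 0) {
            return DEFAULT_TARGET;
        }
        for (int i = 0; i < returnTo.length(); i++) {
            char c = returnTo.charAt(i);
            // Backslashes and control characters (CR/LF, tab) have no place in a path.
            if (c == '\\' || c < 0x20 || c == 0x7f) {
                return DEFAULT_TARGET;
            }
        }
        try {
            URI uri = new URI(returnTo);
            // Defense in depth: a parsed scheme or authority means it is not local.
            if (uri.isAbsolute() || uri.getRawAuthority() != null) {
                return DEFAULT_TARGET;
            }
        } catch (URISyntaxException e) {
            return DEFAULT_TARGET; // malformed input is never redirected to
        }
        return returnTo;
    }

    public static void main(String[] args) {
        // Constructed sample values; the first is the one from the report.
        String[] samples = {
            "https://google.com", "//google.com", "/\\google.com",
            "/questions\r\n/space", "/questions/space?sortby=votes", null
        };
        for (String s : samples) {
            System.out.println(String.valueOf(s).replaceAll("\\p{Cntrl}", ".") + " -> " + safeReturnTo(s));
        }
    }
}
```

Only the plain local path with a query string is returned unchanged; every other sample falls back to the default target.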

We are processing your report and will contact the erudika/scoold team within 24 hours. (a year ago)
We have contacted a member of the erudika/scoold team and are waiting to hear back. (a year ago)
We have sent a follow up to the erudika/scoold team. We will try again in 7 days. (a year ago)
Alex Bogdanovski validated this vulnerability (a year ago)
xiviu has been awarded the disclosure bounty
The fix bounty is now up for grabs
Alex Bogdanovski marked this as fixed with commit 6b9543 (a year ago)
Alex Bogdanovski has been awarded the fix bounty
This vulnerability will not receive a CVE