Open Redirect in star7th/showdoc


Reported on

Nov 15th 2021


Open Redirect at login page due to unchecked "redirect" parameter.

Vulnerable parameter




Proof of Concept

Send users the following login link
After users log in with their registered account, they will be redirected to


By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
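One way to check the `redirect` value before navigating after login, shown as an added example (it is not the project's fix in commit 335afc and not code from the report). The origin `https://docs.example.test`, the function name `safeRedirectTarget`, the fallback path and the sample values are assumptions made for illustration.

```javascript
// Added example: validate a post-login "redirect" value before navigating.
// APP_ORIGIN, FALLBACK and safeRedirectTarget are hypothetical names.
const APP_ORIGIN = "https://docs.example.test"; // constructed origin
const FALLBACK = "/";

function safeRedirectTarget(raw, appOrigin = APP_ORIGIN) {
  if (typeof raw !== "string" || raw.length === 0) return FALLBACK;
  // Reject control characters and backslashes: browsers strip tabs/newlines
  // and treat "\" like "/" in http(s) URLs, so "/\host" behaves like "//host".
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return FALLBACK;
  // Accept only a local path with a single leading slash;
  // "//host" is scheme-relative and leaves the site.
  if (!raw.startsWith("/") || raw.startsWith("//")) return FALLBACK;
  let resolved;
  try {
    resolved = new URL(raw, appOrigin);
  } catch {
    return FALLBACK;
  }
  // Defense in depth: after resolution the origin must still be ours.
  if (resolved.origin !== new URL(appOrigin).origin) return FALLBACK;
  // Return a path-only value so the caller never navigates to an absolute URL.
  return resolved.pathname + resolved.search + resolved.hash;
}

// Constructed sample values for the login page's "redirect" parameter.
const samples = [
  "/item/index",
  "/user/setting?tab=1#profile",
  "https://attacker.example/login",
  "//attacker.example/login",
  "/\\attacker.example/login",
  "javascript:alert(1)",
  "/\t/attacker.example",
  "",
];

function runSamples() {
  return samples.map((s) => [s, safeRedirectTarget(s)]);
}

for (const [input, out] of runSamples()) {
  console.log(JSON.stringify(input), "->", out);
}
```

The same allow-list check belongs on the server side wherever the redirect value is consumed, since a client-side check alone can be bypassed.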


We are processing your report and will contact the star7th/showdoc team within 24 hours. a year ago
We have contacted a member of the star7th/showdoc team and are waiting to hear back a year ago
KhanhCM modified the report
a year ago
KhanhCM modified the report
a year ago
We have sent a follow up to the star7th/showdoc team. We will try again in 7 days. a year ago
star7th validated this vulnerability a year ago
KhanhCM has been awarded the disclosure bounty
The fix bounty is now up for grabs
star7th marked this as fixed in 2.9.13 with commit 335afc a year ago
star7th has been awarded the fix bounty
This vulnerability will not receive a CVE
a year ago


Hi @star7th, @admin, I would be happy if my name (Chau Minh Khanh) is credited when this vulnerability is public on Snyk or anywhere else. Thanks a lot!

Jamie Slome
a year ago


@khanhchauminh - we will be publishing the CVE! The report URL (this page) will be included and naturally display your profile ♥️

Jamie Slome
a year ago


CVE published! 🎊
