[parc.informatica.com] Reflected Cross Site Scripting and Open Redirect
Medium
Informatica
Reported by
bogdantcaciuc
Vulnerability Details
Technical details and impact analysis
Hi!
I just want to report a vulnerability to you in your subdomain "parc".
**Description**
In this link *https://parc.informatica.com/partners/apex/Cloud_chat?endpoint=* the vulnerable parameter is "endpoint". Once the parameter takes the value of an XSS vector or a website link, the code is executed after we complete the form.
**Steps to reproduce**
Go to *https://parc.informatica.com/partners/apex/Cloud_chat?endpoint=blocked:alert(document.domain)*
After you complete the form, the alert showing document.domain is executed.
And open redirect: *https://parc.informatica.com/partners/apex/Cloud_chat?endpoint=http://evil.com* After you complete the form, you are redirected to evil.com.
I think it's valid because *.informatica.com is in your scope.
Thanks for your attention!
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-site Scripting (XSS) - Generic
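A check that would stop both behaviours described in the report, as an added example that is not part of the original report or the vendor's code: the `endpoint` value is used only if it parses as an absolute https URL whose host is an exact match in an allowlist. The host `chat.example.com`, the fallback URL and the function names are assumptions made for illustration.

```javascript
// Added example. Host, fallback and function names are assumptions, not the application's own.
const ALLOWED_HOSTS = new Set(["chat.example.com"]); // hypothetical chat backend

// Returns a normalized https URL string if `raw` is safe to navigate to, else null.
function safeEndpoint(raw) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) return null;
  // Reject control characters, whitespace and backslashes up front: URL parsers
  // silently strip or rewrite them, which hides what the value really is.
  if (/[\u0000-\u0020\u007f\\]/.test(raw)) return null;
  let url;
  try {
    url = new URL(raw); // no base given, so relative and "//host" values throw
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null;        // script and data schemes, plain http
  if (url.username || url.password) return null;     // "https://allowed-host@other-host/"
  if (url.port !== "") return null;                  // only the default https port
  if (!ALLOWED_HOSTS.has(url.hostname)) return null; // exact match, never endsWith/includes
  return url.href;
}

// Picks the navigation target for a request URL; anything rejected falls back
// to a fixed default instead of being echoed into the page or a redirect.
function resolveEndpoint(requestUrl, fallback = "https://chat.example.com/") {
  const raw = new URL(requestUrl).searchParams.get("endpoint");
  return safeEndpoint(raw) ?? fallback;
}
```

The same validation belongs on the server that renders or redirects with the parameter; a client-side check alone can be bypassed.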