Open redirect at app.goodhire.com via ReturnUrl parameter
High
I
Inflection
Submitted None
Team Summary
Official summary from Inflection
At login, the ReturnURL parameter could be manipulated to send a user to any arbitrary URL, rather than just a local redirect, if the user was already logged into their GoodHire account and visited the login page again.
Actions:
Reported by
exception
Report Details
Additional information and metadata
State
Closed
Substate
Resolved