XSS via referrer parameter
Medium
X (Formerly Twitter)
Reported by keer0k
Vulnerability Details
# Description
Hi, I would like to report an XSS via the `javascript` scheme in `https://www.twitterflightschool.com/student/award/[ID]?referer=`. The payload needs just one click from the user to be triggered, because the link is placed in an `a` tag.
URL: `https://www.twitterflightschool.com/student/award/███?referer=blocked:alert(document.domain)`
I attached a video demonstration:
{F818801}
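As an added example (not the reporter's code and not the site's own code), the sink the report describes, a back link whose `href` is taken verbatim from the `referer` query parameter, next to a hardened version that only accepts same-origin http(s) URLs. The origin `https://www.example.com`, the `/student` fallback path and the function names are assumptions.

```javascript
// Added example, not code from the report or from the site it describes.
// Sink: a "back" link whose href comes straight from the ?referer= parameter.
// Assumed page origin and fallback path; the real site is not modelled here.
const PAGE_ORIGIN = 'https://www.example.com';
const FALLBACK_PATH = '/student';

// Vulnerable pattern: the parameter is dropped into href unchanged, so a
// javascript: URL runs in the page's origin as soon as the link is clicked.
function buildBackLinkUnsafe(referer) {
  return `<a href="${referer}">X</a>`;
}

// Hardened pattern: parse with the WHATWG URL parser (which strips tabs and
// newlines and lowercases the scheme, so "JAVA\tSCRIPT:" is caught as well),
// allow only http/https, require the page's own origin so the link cannot be
// turned into an open redirect, and fall back to a fixed path otherwise.
function safeReferer(referer) {
  if (typeof referer !== 'string' || referer === '') return FALLBACK_PATH;
  let url;
  try {
    // Relative values such as /student/award/42 resolve against our origin.
    url = new URL(referer, PAGE_ORIGIN);
  } catch {
    return FALLBACK_PATH; // unparsable input
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return FALLBACK_PATH;
  if (url.origin !== PAGE_ORIGIN) return FALLBACK_PATH;
  return url.pathname + url.search + url.hash;
}

// Attribute-context escaping for the href; safeReferer() already returns a
// percent-encoded path, so this is defence in depth for the HTML context.
function escapeAttr(s) {
  return s.replace(/&/g, '&amp;').replace(/"/g, '&quot;')
          .replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

function buildBackLinkSafe(referer) {
  return `<a href="${escapeAttr(safeReferer(referer))}">X</a>`;
}
```

Rejecting by scheme allow-list rather than by a `javascript:` deny-list also closes `data:` and `vbscript:` variants that a string-prefix check would miss.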
# Steps to reproduce
1. Go to `https://www.twitterflightschool.com/student/award/████████?referer=blocked:alert(document.domain)`
2. Click the "X" button in the top left of the screen
3. The XSS will be triggered
## Impact
It is possible to perform malicious actions on the victim's account.
Report Details
State: Closed
Substate: Resolved
Weakness: Cross-site Scripting (XSS) - Reflected