Forcing Firefox to Execute XSS Payloads during 302 Redirects

gremwell.com – During a recent engagement I identified an open redirect where a GET parameter would be reflected as-is in the HTTP response Location header without any kind of sanitization. Something similar to thi…

Tweeted by @TheHackersNews https://twitter.com/TheHackersNews/status/1311712936964964352

← Zero Trust Architecture explained
Technical Advisory – wolfSSL TLS 1.3 Client Man-in-the-Middle Attack (CVE-2020-24613) →