TOPOPENREDIRECT.md

Top Open Redirect reports from HackerOne:

1. [cs.money] Open Redirect Leads to Account Takeover to CS Money - 338 upvotes, $0
2. XSS and Open Redirect on MoPub Login to X (Formerly Twitter) - 233 upvotes, $1540
3. Open Redirect in secure.showmax.com to Showmax - 225 upvotes, $550
4. Open redirect at https://inventory.upserve.com/http://google.com/ to Upserve - 162 upvotes, $1200
5. Open Redirect in Logout & Login to Expedia Group Bug Bounty - 149 upvotes, $1000
6. Open redirect due to scanning QR code via brave browser to Brave Software - 134 upvotes, $0
7. Open Redirect on central.uber.com allows for account takeover to Uber - 130 upvotes, $8000
8. CRLF to XSS & Open Redirection to TikTok - 91 upvotes, $0
9. Twitter lite(Android): Vulnerable to local file steal, Javascript injection, Open redirect to X (Formerly Twitter) - 86 upvotes, $0
10. Open redirect vulnerability to Rockstar Games - 80 upvotes, $250
11. Open redirect to Nord Security - 80 upvotes, $0
12. Open Redirect to Affirm - 71 upvotes, $0
13. [dev.twitter.com] XSS and Open Redirect to X (Formerly Twitter) - 68 upvotes, $1120
14. Reflected XSS & Open Redirect at mcs main domain to Mail.ru - 68 upvotes, $0
15. Open Redirect to Omise - 66 upvotes, $100
16. Chained open redirects and use of Ideographic Full Stop defeat Twitter's approach to blocking links to X (Formerly Twitter) - 61 upvotes, $560
17. Google API key leaks and security misconfiguration leads Open Redirect Vulnerability to Clario - 54 upvotes, $300
18. Open redirection at https://chaturbate.com/auth/login/ to Chaturbate - 54 upvotes, $0
19. Open Redirect on http://events.hackerone.com/redirect?url=https://naglinagli.github.io to HackerOne - 54 upvotes, $0
20. Open redirect using theme install to Shopify - 52 upvotes, $0
21. Open Redirection in index.php page to HackerOne - 52 upvotes, $0
22. Open Redirection in Login - Korean Starbucks to Starbucks - 52 upvotes, $0
23. Open Redirect on https://www.twitterflightschool.com/widgets/experience?destination_url=https://evil.com to X (Formerly Twitter) - 50 upvotes, $0
24. [crm.unikrn.com] Open Redirect to Unikrn - 49 upvotes, $0
25. Reflected xss and open redirect on larksuite.com using /?back_uri= parameter. to Lark Technologies - 48 upvotes, $0
26. Multiple Open Redirect on TikTok domains to TikTok - 47 upvotes, $0
27. Open redirect vuln on login to Vercel - 45 upvotes, $0
28. [dev.twitter.com] XSS and Open Redirect Protection Bypass to X (Formerly Twitter) - 44 upvotes, $1120
29. Open redirect on https://hq-api.upserve.com/ to Upserve - 43 upvotes, $0
30. Host Header Injection leads to Open Redirect and Content Spoofing or Text Injection. to Omise - 42 upvotes, $300
31. (HackerOne SSO-SAML) Login CSRF, Open Redirect, and Self-XSS Possible Exploitation to HackerOne - 42 upvotes, $0
32. Browser is not following proper flow for redirection cause open redirect to Brave Software - 41 upvotes, $500
33. [keybase.io] Open Redirect to Keybase - 40 upvotes, $500
34. Open Redirect via Non-Latin Subdomain in vcc-*.8x8.com/AGUI/█.php to 8x8 Bounty - 40 upvotes, $100
35. Open Redirect to X (Formerly Twitter) - 40 upvotes, $0
36. Open redirect protection (https://www.pixiv.net/jump.php) is broken for novels to pixiv - 39 upvotes, $200
37. Open redirect vulnerability in index.php to HackerOne - 39 upvotes, $0
38. http://www.nextcloud.com/wp-includes/js/swfupload/swfupload.swf allows open redirect / site defacement to Nextcloud - 39 upvotes, $0
39. Open Redirect Vulnerability in Action Pack to Internet Bug Bounty - 38 upvotes, $2400
40. Open Redirect filter bypass through '' character via URL parameter to Myndr - 37 upvotes, $0
41. (BYPASS) Open redirect and XSS in supporthiring.shopify.com to Shopify - 36 upvotes, $0
42. Open Redirect Vulnerability on TikTok Ads Portal to TikTok - 36 upvotes, $0
43. Open Redirect on www.redditinc.com via failed query param to Reddit - 35 upvotes, $0
44. Open Redirect on Gitllab Oauth leading to Acount Takeover to Vercel - 34 upvotes, $0
45. Bypassing Content-Security-Policy leads to open-redirect and iframe xss to Stripo Inc - 34 upvotes, $0
46. Open Redirection in [https://www.hackerone.com/index.php] to HackerOne - 32 upvotes, $0
47. GET based Open redirect on [streamlabs.com/content-hub/streamlabs-obs/search?query=] to Logitech - 31 upvotes, $100
48. [http2.cloudflare.com] Open Redirect to Cloudflare Vulnerability Disclosure - 31 upvotes, $0
49. Open Redirect TO Stealing aadvid to TikTok - 30 upvotes, $0
50. Open redirect bypass & SSRF Security Vulnerability to Smule - 29 upvotes, $0
51. Open Redirect on https://go.bitwala.com/ to Nuri - 29 upvotes, $0
52. Open Redirect (verkkopalvelu.lahitapiola.fi) to LocalTapiola - 28 upvotes, $400
53. Open redirect in bulk edit to Shopify - 28 upvotes, $0
54. Open Redirect through POST Request in OAuth to Moneybird - 28 upvotes, $0
55. Open Redirect и подмена ссылки в сниппете приложения VKMA to VK.com - 27 upvotes, $300
56. Open Redirect & Information Disclosure [mijn.werkenbijdefensie.nl] to Radancy - 27 upvotes, $0
57. Open Redirect via login avito.ru | Protection bypass to Avito - 27 upvotes, $0
58. Open Redirect at *.myshopify.com/account/login?checkout_url= to Shopify - 26 upvotes, $0
59. Open Redirection while saving User account Settings to Moneybird - 26 upvotes, $0
60. Open redirect bypass to Flickr - 25 upvotes, $300
61. Open Redirect at https://oauth.secure.pixiv.net to pixiv - 25 upvotes, $200
62. [idp.fr.cloud.gov] Open Redirect to GSA Bounty - 25 upvotes, $150
63. Open Redirect to Semrush - 25 upvotes, $0
64. Open redirect on the https://tt.hboeck.de to Hanno's projects - 25 upvotes, $0
65. Steal any users access_token via open redirect in https://streamlabs.com/global/identity?popup=1&r= to Logitech - 25 upvotes, $0
66. Open redirect on chaturbate.com (tipping/purchase_success) to Chaturbate - 24 upvotes, $250
67. Open Redirect Protection Bypass to X (Formerly Twitter) - 24 upvotes, $0
68. CSS Injection via Client Side Path Traversal + Open Redirect leads to personal data exfiltration on Acronis Cloud to Acronis - 23 upvotes, $250
69. Interstitial redirect bypass / open redirect in https://hackerone.com/zendesk_session to HackerOne - 23 upvotes, $0
70. Open redirect in semrush.com to Semrush - 23 upvotes, $0
71. Open redirect on https://signin.rockstargames.com/connect/authorize/rsg to Rockstar Games - 23 upvotes, $0
72. open redirect while login at https://apps.dev.jupiterone.io can leak access code. to LifeOmic - 22 upvotes, $0
73. [song.link] Open Redirect to Linktree - 22 upvotes, $0
74. Open redirect at app.goodhire.com via ReturnUrl parameter to Inflection - 21 upvotes, $0
75. Open Redirect - Polycom Company Directory to 8x8 - 21 upvotes, $0
76. Instant open redirect on Live preview WEB Ide opening to GitLab - 20 upvotes, $1000
77. CBC "cut and paste" attack may cause Open Redirect(even XSS) to Uber - 20 upvotes, $500
78. use of unsafe host header leads to open redirect to Rockstar Games - 20 upvotes, $300
79. Open redirect allows changing iframe content in *.myshopify.com/admin/themes/<id>/editor to Shopify - 19 upvotes, $0
80. Open redirect in https://www.rockstargames.com/GTAOnline/restricted-content/agegate/form may lead to Facebook OAuth token theft to Rockstar Games - 19 upvotes, $0
81. Open Redirection to JetBlue - 19 upvotes, $0
82. Open redirect in user_saml via RelayState parameter to Nextcloud - 19 upvotes, $0
83. Open Redirect (6.0.0 < rails < 6.0.3.2) to Ruby on Rails - 18 upvotes, $1000
84. Open redirect в карусели сообщения бота to VK.com - 18 upvotes, $300
85. Open Redirection leads to redirect Users to malicious website to Unikrn - 18 upvotes, $50
86. Open redirection to New Relic - 18 upvotes, $0
87. Open Redirect through POST Request to Inflection - 18 upvotes, $0
88. Open Redirect on ███ to Smule - 18 upvotes, $0
89. Open redirect found on account.brave.com to Brave Software - 18 upvotes, $0
90. Open redirect using checkout_url to Shopify - 17 upvotes, $0
91. XSS on www.mapbox.com/authorize/ because of open redirect at /core/oauth/auth to Mapbox - 17 upvotes, $0
92. Open Redirect to Inflection - 17 upvotes, $0
93. Open Redirect - www.shopify.com to Shopify - 17 upvotes, $0
94. [intensedebate.com] Open Redirect to Automattic - 17 upvotes, $0
95. CVE-2022-45402: Apache Airflow: Open redirect during login to Internet Bug Bounty - 17 upvotes, $0
96. Open Redirection Vulnerability in m.vk.com to VK.com - 16 upvotes, $300
97. Limited Open redirection using SSO-SAML to HackerOne - 16 upvotes, $0
98. Open redirect / Reflected XSS payload in root that affects all your sites (store.starbucks.* / shop.starbucks.* / teavana.com) to Starbucks - 16 upvotes, $0
99. https://xmpp.nextcloud.com///;@www.google.com allows open redirect to Nextcloud - 16 upvotes, $0
100. Open redirect on marketing site to Shipt - 16 upvotes, $0
101. Open redirect on https://blog.fuzzing-project.org to Hanno's projects - 16 upvotes, $0
102. Open Redirect to Mail.ru - 16 upvotes, $0
103. Open Redirect - https://████████.jetblue.com/███?url= to JetBlue - 16 upvotes, $0
104. Open redirect affecting m.rockstargames.com/ to Rockstar Games - 15 upvotes, $0
105. [https://█████████/]&&[https://█████████/] Open Redirection to Lyst - 15 upvotes, $0
106. Open Redirect on www.redditinc.com via failed query param bypass after fixed bug #1257753 to Reddit - 15 upvotes, $0
107. Open Redirect on [My.com] to Mail.ru - 14 upvotes, $0
108. Open Redirect on the nl.wordpress.net to WordPress - 14 upvotes, $0
109. Open Redirect on Login Page of Stocky App to Shopify - 14 upvotes, $0
110. Open redirect by the parameter redirectUri in the URL to BlackRock - 14 upvotes, $0
111. Open Redirect ███.8x8.com to 8x8 - 14 upvotes, $0
112. open redirect in <your_zendesk>.zendesk.com to Zendesk - 13 upvotes, $0
113. Open redirect in "Language change". to HackerOne - 12 upvotes, $500
114. [apps.shopify.com] Open Redirect to Shopify - 12 upvotes, $500
115. Reflected XSS and Open Redirect in several parameters (viestinta.lahitapiola.fi) to LocalTapiola - 12 upvotes, $450
116. open redirect in eb9f.pivcac.prod.login.gov to GSA Bounty - 12 upvotes, $150
117. Open redirect on https://werkenbijdefensie.nl/ to Radancy - 12 upvotes, $0
118. Open Redirect on slack.com to Slack - 11 upvotes, $500
119. Open Redirect located at https://www.robinhood.com/oauth2/authorize/? to Robinhood - 11 upvotes, $100
120. (BYPASS) Open Redirect after login at http://ecommerce.shopify.com to Shopify - 11 upvotes, $0
121. Open Redirect in unifi.ubnt.com [Controller Finder] to Ubiquiti Inc. - 11 upvotes, $0
122. Goodhire Open Redirect to Inflection - 11 upvotes, $0
123. Open Redirect In passport.maps.me/logout/?next=//fb.com/ to Mail.ru - 11 upvotes, $0
124. Stored open redirect in about page to Flickr - 11 upvotes, $0
125. Open redirect на мобильной версии в контакте (m.vk.com to VK.com - 11 upvotes, $0
126. Open redirection at https://smartreports.mtncameroon.net to MTN Group - 11 upvotes, $0
127. Open redirection in OAuth to Shopify - 10 upvotes, $500
128. Open Redirect bypass and cookie leakage on www.lahitapiola.com to LocalTapiola - 10 upvotes, $400
129. Open redirect in securegatewayaccess.com / secure.chaturbate.com via prejoin_data parameter to Chaturbate - 10 upvotes, $250
130. Open redirect GET-Based on https://www.flickr.com/browser/upgrade/?continue= to Flickr - 10 upvotes, $150
131. [admin.c2fo.com] Open Redirect to C2FO - 10 upvotes, $0
132. [hekto] open redirect when target domain name is used as html filename on server to Node.js third-party modules - 10 upvotes, $0
133. Open redirect on rush.uber.com, business.uber.com, and help.uber.com to Uber - 10 upvotes, $0
134. Open Redirect On Your Login Panel to Zomato - 10 upvotes, $0
135. Open redirect open.rocket.chat/file-upload/ID/filename.svg to Rocket.Chat - 10 upvotes, $0
136. Open Redirect in www.shopify.dev Environment to Shopify - 10 upvotes, $0
137. Open redirect at mc-beta-cloud-acronis.com to Acronis - 10 upvotes, $0
138. Open Redirect in m.uber.com to Uber - 9 upvotes, $500
139. Open Redirect in riders.uber.com to Uber - 9 upvotes, $500
140. Open Redirect to Flickr - 9 upvotes, $258
141. Open redirect vulnerability to Slack - 9 upvotes, $0
142. [zaption.com] Open Redirect to Zaption - 9 upvotes, $0
143. Open redirect helps to steal Facebook access_token to Bumble - 9 upvotes, $0
144. Open redirection in OAuth to Shopify - 9 upvotes, $0
145. [Fix Bypass #541631] Open redirect on Signup to Vercel - 9 upvotes, $0
146. Open Redirect in the Path of vendhq.com to Vend VDP - 9 upvotes, $0
147. Open Redirect on Greater Asia domains to Starbucks - 9 upvotes, $0
148. Open redirect on https://www.glassdoor.com/profile/siwa.htm via state parameter to Glassdoor - 9 upvotes, $0
149. Open Redirect to JetBlue - 9 upvotes, $0
150. Reflected XSS via Unvalidated / Open Redirect in uber.com to Uber - 8 upvotes, $3000
151. Open Redirection on Uber.com to Uber - 8 upvotes, $500
152. Open Redirection Found in users.whisper.sh to Whisper - 8 upvotes, $30
153. Open redirection protection bypass (/cs/Satellite) to LocalTapiola - 8 upvotes, $0
154. Open Redirect in meeting.qiwi.com to QIWI - 8 upvotes, $0
155. [parc.informatica.com] Reflected Cross Site Scripting and Open Redirect to Informatica - 8 upvotes, $0
156. Open Redirect in <customer>.greenhouse.io to Greenhouse.io - 8 upvotes, $0
157. [connect.teavana.com] Open Redirect and abuse of connect.teavana.com to Starbucks - 8 upvotes, $0
158. OPEN REDIRECT to Nutanix - 8 upvotes, $0
159. Open Redirect through POST Request in www.redditinc.com to Reddit - 8 upvotes, $0
160. [rabota.mail.ru] Open Redirect to Mail.ru - 7 upvotes, $0
161. XSS and open redirect in verkkopalvelu.lahitapiola.fi to LocalTapiola - 7 upvotes, $0
162. [cooking.lady.mail.ru] Open Redirect to Mail.ru - 7 upvotes, $0
163. Open Redirect in shopify app URL to Shopify - 7 upvotes, $0
164. [BuddyPress 2.9.1] Open Redirect via "wp_http_referer" parameter on "bp-profile-edit" endpoint to WordPress - 7 upvotes, $0
165. Open redirect deceive in hackerone.com via another open redirect link. to HackerOne - 7 upvotes, $0
166. Open Redirection on auth.rbk.money to RBKmoney - 7 upvotes, $0
167. Open redirection in https://zeit.co/login?next= to Vercel - 7 upvotes, $0
168. Open Redirect in comment section to ExpressionEngine - 7 upvotes, $0
169. [Bypass] Code injection to open redirect in https://insights.newrelic.com/accounts/2521182/dashboards/1026927 to New Relic - 7 upvotes, $0
170. Potential Open-Redirection to Ian Dunn - 7 upvotes, $0
171. Hong Kong - Open Redirect on card.starbucks.com.hk to Starbucks - 7 upvotes, $0
172. Open redirection bypass in /www/admin/campaign-modify.php to Revive Adserver - 7 upvotes, $0
173. Open redirect (DOM-based) on av.ru via "return_url" parameter (Login form) to Azbuka Vkusa - 7 upvotes, $0
174. Open Redirect on https://██.8x8.com/login?nextPage=%2F to 8x8 - 7 upvotes, $0
175. Open redirection on login to New Relic - 6 upvotes, $0
176. Open Redirect possible in https://www.shopify.com/admin/ to Shopify - 6 upvotes, $0
177. [ml.money.mail.ru] Open Redirect to Mail.ru - 6 upvotes, $0
178. [qpt.mail.ru] CRLF Injection / Open Redirect to Mail.ru - 6 upvotes, $0
179. Open Redirection at https://it.mail.ru/ to Mail.ru - 6 upvotes, $0
180. Open Redirect at "city-mobil.ru" to Mail.ru - 6 upvotes, $0
181. Open Redirect and CRLF Injection Leads to XSS on [app.doma.uchi.ru] to Mail.ru - 6 upvotes, $0
182. Open redirect that can lead to malicious websites to AMBER AI - 6 upvotes, $0
183. open redirect in rfc6749 to Internet Bug Bounty - 5 upvotes, $3000
184. Open Redirect leak of authenticity_token lead to full account take over. to X (Formerly Twitter) - 5 upvotes, $1400
185. Open Redirect after login at http://ecommerce.shopify.com to Shopify - 5 upvotes, $500
186. Open Redirector via (apps/files_pdfviewer) for un-authenticated users. to ownCloud - 5 upvotes, $150
187. Open redirect on "Unsupported browser" warning to Nextcloud - 5 upvotes, $150
188. Open Redirect vulnerability in moneybird.com to Moneybird - 5 upvotes, $0
189. [skyliner.io / qa.skyliner.io] Open Redirect to Skyliner - 5 upvotes, $0
190. [qiwi.com] Open Redirect to QIWI - 5 upvotes, $0
191. [status.zopim.com] Open Redirect to Zendesk - 5 upvotes, $0
192. Open Redirect in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
193. Open Redirect to Mail.ru - 5 upvotes, $0
194. Open-redirect on login.xero.com to Xero - 5 upvotes, $0
195. Open Redirect to Mail.ru - 5 upvotes, $0
196. Open redirect while disconnecting authenticated account to Weblate - 5 upvotes, $0
197. Open redirect while disconnecting Email to Weblate - 5 upvotes, $0
198. Open redirects protection bypass to ExpressionEngine - 5 upvotes, $0
199. Open redirect vulnerability in a DoD website to U.S. Dept Of Defense - 5 upvotes, $0
200. Open Redirection in SmartHistory KhanAcademy to Khan Academy - 4 upvotes, $0
201. Open-redirect on hackerone.com to HackerOne - 4 upvotes, $0
202. Open-redirect on paragonie.com to Paragon Initiative Enterprises - 4 upvotes, $0
203. Open redirection bypass to New Relic - 4 upvotes, $0
204. [marketplace.informatica.com] Open Redirect to Informatica - 4 upvotes, $0
205. Login Open Redirect to New Relic - 4 upvotes, $0
206. [it.mail.ru] Open Redirect to Mail.ru - 4 upvotes, $0
207. [Repository Import] Open Redirect via "continue[to]" parameter to GitLab - 4 upvotes, $0
208. Unvalidated / Open Redirect to Zendesk - 4 upvotes, $0
209. OPEN REDIRECTION at every 302 HTTP CODE to Brave Software - 4 upvotes, $0
210. Cross Site Scripting and Open Redirect in affiliate-preview.php file to Revive Adserver - 4 upvotes, $0
211. Open Redirect at https://www.nutanix.com/tw/login via icid parameter to Nutanix - 4 upvotes, $0
212. Reflected XSS and Open Redirect (verkkopalvelu.lahitapiola.fi) to LocalTapiola - 3 upvotes, $400
213. Host Header is not validated resulting in Open Redirect to IRCCloud - 3 upvotes, $100
214. Open Redirect login account to Slack - 3 upvotes, $100
215. Open Redirection In connect.identity.stagaws.visma.com to Visma Public - 3 upvotes, $100
216. Open Redirect via Request-URI to Yahoo! - 3 upvotes, $0
217. WebSummit - Open Redirect to WebSummit - 3 upvotes, $0
218. Open redirection to New Relic - 3 upvotes, $0
219. Open redirection bypass . to New Relic - 3 upvotes, $0
220. [api.login.icq.net] Open Redirect to Mail.ru - 3 upvotes, $0
221. Open Redirect to New Relic - 3 upvotes, $0
222. Open redirect to GitLab - 3 upvotes, $0
223. Open redirect in Signing in via Social Sites to Weblate - 3 upvotes, $0
224. Open Redirect via "next" parameter in third-party authentication to Weblate - 3 upvotes, $0
225. Open redirect on sign in to Coinbase - 3 upvotes, $0
226. CPU utilization 99% on visiting wordpress site url & open redirect found to Automattic - 3 upvotes, $0
227. [tanks.mail.ru] Open Redirect to Mail.ru - 3 upvotes, $0
228. Open redirect in switch account functionality to Revive Adserver - 3 upvotes, $0
229. Open Redirect at █████ to U.S. Dept Of Defense - 3 upvotes, $0
230. Trick make all fixed open redirect links vulnerable again to Slack - 2 upvotes, $1000
231. Open redirection in fabric.io to X (Formerly Twitter) - 2 upvotes, $280
232. Yahoo open redirect using ad to Yahoo! - 2 upvotes, $0
233. https://www.khanacademy.org/login open-redirect to Khan Academy - 2 upvotes, $0
234. OAuth open redirect to Respondly - 2 upvotes, $0
235. Open redirect on tw.money.yahoo.com to Yahoo! - 2 upvotes, $0
236. Open Redirect in Slack to Slack - 2 upvotes, $0
237. open redirect in https://slack.com to Slack - 2 upvotes, $0
238. Open Redirection to Urban Dictionary - 2 upvotes, $0
239. Open redirect and reflected xss in http://youthvoices.adobe.com/community?return_url=[payload her] to Adobe - 2 upvotes, $0
240. Open redirect filter bypass to Zaption - 2 upvotes, $0
241. XSS and Open Redirect on https://jobs.dubizzle.com/ to OLX - 2 upvotes, $0
242. open redirection at login to New Relic - 2 upvotes, $0
243. owncloud.com open redirect to ownCloud - 2 upvotes, $0
244. Open redirect in Serendipity (exit.php) to Hanno's projects - 2 upvotes, $0
245. China - Open redirect at trackinghub.starbucks.com.cn to Starbucks - 2 upvotes, $0
246. Open redirect - user interaction needed (verkkopalvelu.lahitapiola.fi/e2/..) - based on #179328 to LocalTapiola - 2 upvotes, $0
247. open redirect sends authenticity_token to any website or (ip address) to X (Formerly Twitter) - 1 upvotes, $560
248. open redirect to RelateIQ - 1 upvotes, $0
249. Open Redirect in WordPress Feed Statistics {Affected All Versions} to Automattic - 1 upvotes, $0
250. Open redirection on secure.phabricator.com to Phabricator - 1 upvotes, $0
251. Open Redirection Security Filter bypassed to Vimeo - 1 upvotes, $0
252. Open Redirect on [blog.wavecell.com] to 8x8 - 1 upvotes, $0
253. Open redirect in ck.php and lg.php to Revive Adserver - 1 upvotes, $0
254. Open redirect in fastify-static via mishandled user's input when attempt to redirect to Fastify - 1 upvotes, $0
255. Vulnerability Name: URL Redirection / Unvalidate Open Redirect to Reddit - 1 upvotes, $0
256. open redirect to a remote website which can phish users to Concrete CMS - 1 upvotes, $0
257. Open Redirect to WePay - 0 upvotes, $300
258. oauth redirect uri validation bug leads to open redirect and account compromise to WePay - 0 upvotes, $0