2026-03-20 13:04:45
rapid7
PUBLISHED
The error_description parameter is vulnerable to Reflected XSS. An attacker can bypass the domains WAF using a Safari-specific onpagereveal payload.