Open Redirect Vulnerablility on /login

[mhdgning131]

Login page's ?next parameter actually redirect to anywhere user specify !
Server actually don't validate redirection URL leading to an Open Redirect vulnerability.

The server should verify redirection url with an allow list (chithi.dev) and drop every other redirection anywhere other than this one !

[baseplate-admin]

Hey that's actually a really good find (but in reality this likely will never be an issue because of how the site is designed, because the security token is HttpOnly)

Do you want this issue to be assigned to you?

[mhdgning131]

Yes, assign this issue to me.
Even though the HttpOnly token reduces the risk its still good to fix it now to kill any attack surface