Information Exposure Through an Error Message at news.starbucks.com
Discovered by seytan6161 on Starbucks

This issue took No information to triage and 0 days and 13 hours to resolve once triaged.



I've discovered Information Exposure Through an Error Message on your system. POC link:

https://news.starbucks.com/cms/index.php?/cp/login/forgotten_password_form=http://evil.com/?id=test-test

Vulnerable URL --> https://news.starbucks.com/cms/index.php?/cp/login/forgotten_password_form=http://evil.com/?id=test-test

Proof screenshot attached.

Impact

Impact references:

https://cwe.mitre.org/data/definitions/209.html

Best regards