Unveiling Security Vulnerability on a Microsoft Subdomain: Open Redirects to RXSS Exploitation
In this article, I am going to cover another security bug that I found on a Microsoft subdomain. Initially, when I visited https://ads.microsoft.com, I discovered that the “back” button on the user settings page was vulnerable to open redirects. To further investigate, I attempted an XSS payload in order to escalate the vulnerability to RXSS. The attempt proved successful, and upon clicking the back button, the XSS was executed.
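A defensive counterpart to the issue described above, as an added example that is not code from the original post or from Microsoft: validating a user-supplied "back" target so that it can neither leave the site nor carry a script URL. The post does not say how the target reached the page, so the user-controlled string input, `APP_ORIGIN`, and the function names are assumptions.

```javascript
// Added example: allow-list validation for a "back" link target.
// Assumption: the target is a user-controlled string (e.g. a query parameter).
const APP_ORIGIN = "https://app.example"; // constructed origin for this example
const FALLBACK = "/";                     // where "back" goes when input is rejected

function safeBackUrl(raw, appOrigin = APP_ORIGIN, fallback = FALLBACK) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) return fallback;
  // URL parsers silently strip tabs/newlines and treat "\" like "/",
  // so reject control characters and backslashes before parsing.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return fallback;

  let url;
  try {
    url = new URL(raw, appOrigin); // resolves relative paths against our origin
  } catch {
    return fallback;
  }
  // Scheme check closes the XSS escalation (javascript:, data:, ...).
  if (url.protocol !== "https:" && url.protocol !== "http:") return fallback;
  // Origin check closes the open redirect (absolute and "//host" forms).
  if (url.origin !== appOrigin) return fallback;
  if (url.username || url.password) return fallback;

  // Return only the same-origin part, never the caller's raw string.
  return url.pathname + url.search + url.hash;
}

// Encode for an HTML attribute so the validated value cannot break out of href.
function escapeAttr(s) {
  return s.replace(/[&<>"']/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[c]));
}

function backLinkHtml(raw) {
  return `<a href="${escapeAttr(safeBackUrl(raw))}">Back</a>`;
}
```

Both checks are needed: the origin check alone stops the redirect, while the scheme check and attribute encoding stop the script execution on click.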
◘ 8th March 2023 — Report Submitted through MSRC Portal
◘ 8th March 2023 — MSRC team confirmed and opened a case for this issue
◘ 14th March 2023 — MSRC team changed the status from Review / Repro to Develop
◘ 4th May 2023 — MSRC team changed the status from Develop to Fix