Description

The Reflected XSS vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Using javascript: throws an error in parsing the url. But I bypassed it using javascript://%0A.

Proof of Concept

1. Open the https://www.admidio.org/demo_en/adm_program/system/redirect.php?url=javascript://%250aalert(document.domain)
2. If you click the `here`, you can see that occur a xss!

Impact

Through this vulnerability, an attacker is capable to execute malicious scripts.