Open Redirect in https://www.usbr.gov/gp-bin/clickgo.pl?submit2=GO!&goto=google.com

Disclosed by: tonyverapo
  • Engagement: Bureau of Reclamation
  • Disclosed date: about 1 year ago
  • Priority: P4 (Bugcrowd's VRT priority rating)
  • Status: Resolved (this vulnerability has been accepted and fixed)
Summary by Bureau of Reclamation

The open redirect vulnerability was resolved and the offending script deleted from the servers. A re-test by Bugcrowd confirmed they were not able to reproduce it.
Disclosure approved for the purpose of educating and raising awareness for the security community.

Summary by tonyverapo

An open redirect vulnerability exists on the website, allowing attackers to manipulate the "goto" parameter to redirect users to arbitrary domains. This vulnerability can be exploited for phishing attacks, leading users to malicious sites while appearing to come from a trusted source.
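
Where a redirector with a "goto"-style parameter has to stay in service rather than be deleted, the usual mitigation is to check the target against an exact-match host allowlist before issuing the redirect. The sketch below is an added example, not code from the report or from the Bureau of Reclamation; `resolve_goto`, the single-host allowlist, the fallback path and the sample inputs are assumptions.

```python
from urllib.parse import urlsplit, urlunsplit

# Assumption: the redirector should only ever send users to the site itself.
ALLOWED_HOSTS = frozenset({"www.usbr.gov"})
FALLBACK = "/"  # hypothetical safe landing page


def resolve_goto(goto, allowed_hosts=ALLOWED_HOSTS):
    """Return a safe Location value for a goto-style parameter, or FALLBACK."""
    value = (goto or "").strip()
    # Browsers treat "\" as "/" and drop control characters, so reject both.
    if not value or "\\" in value or any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        return FALLBACK
    if value.startswith("/"):
        # A single leading slash is a local path; "//host" is protocol-relative.
        return FALLBACK if value.startswith("//") else value
    if "://" not in value:
        # Bare-host form, as in goto=google.com from the report's URL.
        value = "https://" + value
    try:
        parts = urlsplit(value)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return FALLBACK
    if parts.scheme not in ("http", "https"):
        return FALLBACK
    if "@" in parts.netloc:  # userinfo hides the real host from the reader
        return FALLBACK
    if host not in allowed_hosts:  # exact match, never substring or suffix
        return FALLBACK
    # Rebuild from parsed pieces: force https, drop port and fragment.
    return urlunsplit(("https", host, parts.path or "/", parts.query, ""))


if __name__ == "__main__":
    # Constructed sample inputs; evil.example is a placeholder host.
    for sample in ("google.com", "//google.com", "www.usbr.gov@evil.example",
                   "www.usbr.gov.evil.example", "/example/page.html",
                   "http://WWW.USBR.GOV/example/?a=1"):
        print(f"{sample!r:40} -> {resolve_goto(sample)}")
```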
