SquareUp Open Redirection

07:38 Posted by Ali Hassan Ghori
During Password resetting, I observe something, that Password token link is redirected first through subscriptions link. where 'r' is the parameter and value can be any website.
Steps To Reproduce:
1- After Password Reset email, Copy Link Address.

2- Address URI look like this: 

Video PoC: