An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains.