Today I learned about another CSRF redirector by another group of people in web application security called GNUCITIZEN.

Similar to the previous CSRF redirector it contains the same XSS vulnerability through the javascript URI scheme.

Example:

http://www.gnucitizen.org/util/csrf?..._url=javascript:alert(/.../);

Update: The bug is fixed for now...