@lucian and you can also use ronin-vulns to test individual URLs for reflected XSS:
$ ronin-vulns xss https://target/oauth/idp/logout?post_logout_redirect_uri=https://example.com/
#vulnscanner
Client Info
Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst