DOM Based XSS on https://████ via backURL param
Medium
U.S. Dept Of Defense
Reported by
nagli
Vulnerability Details
**Description:**
The following endpoint suffers from DOM Based XSS:
```
https://████████/██████=blocked:alert(document.domain)
```
The ████████ parameter determines the content of the "Back to Search Result" button, eventually leading to RXSS.
## References
██████
## Regards
nagli
## Impact
Executing JavaScript on the victim's behalf
## System Host(s)
████
## Affected Product(s) and Version(s)
## CVE Numbers
## Steps to Reproduce
1. Navigate to
```
https://█████/████=blocked:alert(document.domain)
```
2. Click on "Back to Search Result"
## Suggested Mitigation/Remediation Actions
Sanitize the user input and do not allow malicious URL schemes to be injected through the parameter.
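As an added example (not code from the report or from the affected site), this is one way to consume a `backURL` parameter safely before placing it in the button's href; the `DEFAULT_BACK` fallback, the `applyBackButton` helper and the `a.back-to-results` selector are assumptions.

```javascript
// Added example: hardened handling of the "back URL" query parameter.
// The vulnerable pattern assigns the raw parameter straight to the button's
// href, so a value such as "javascript:alert(document.domain)" runs when the
// button is clicked. This version only accepts same-origin http(s) URLs or
// relative paths and falls back to a fixed default for everything else.

const DEFAULT_BACK = "/search"; // assumed fallback path, not from the report

// Resolve `raw` against `origin` and return a safe origin-relative href,
// or DEFAULT_BACK when the value is missing, unparseable, or not same-origin http(s).
function sanitizeBackUrl(raw, origin) {
  if (typeof raw !== "string" || raw.trim() === "") return DEFAULT_BACK;
  let url;
  try {
    // The URL constructor resolves relative paths against `origin` and
    // normalises leading whitespace and mixed-case schemes ("JavaScript:").
    url = new URL(raw, origin);
  } catch (e) {
    return DEFAULT_BACK; // unparseable input
  }
  // Reject every non-http(s) scheme: javascript:, data:, vbscript:, blob:, ...
  if (url.protocol !== "http:" && url.protocol !== "https:") return DEFAULT_BACK;
  // Reject values that point at another origin (e.g. "//other.example/x").
  if (url.origin !== origin) return DEFAULT_BACK;
  // Return only path, query and fragment so scheme and host are never user-chosen.
  return url.pathname + url.search + url.hash;
}

// Wire the sanitiser to the button. `doc` and `loc` are passed in so the same
// code runs against the real `document`/`location` or against stubs in tests.
function applyBackButton(doc, loc) {
  const raw = new URLSearchParams(loc.search).get("backURL");
  const href = sanitizeBackUrl(raw, loc.origin);
  const btn = doc.querySelector("a.back-to-results"); // assumed selector
  if (btn) btn.setAttribute("href", href);
  return href;
}
```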
Report Details
State: Closed
Substate: Resolved
Weakness: Cross-site Scripting (XSS) - Reflected