Reflected XSS at https://██████/██████ via "██████" parameter
Medium
U.S. Dept Of Defense
Reported by
pelegn
Vulnerability Details
Technical details and impact analysis
There is a reflected cross-site scripting issue at the following URL:
https://██████████/██████
Proof Of Concept
https://████████/█████████████████=%22%3E%3Csvg/onload=alert(1)%3E█████████
█████
Best Regards
@pelegn
## Impact
Cookies Exfiltration
SOAP Bypass
CORS Bypass
Executing JavaScript on the victim's behalf
## System Host(s)
██████
## Affected Product(s) and Version(s)
## CVE Numbers
## Steps to Reproduce
Navigate to https://████████/████████████████████████=%22%3E%3Csvg/onload=alert(1)%3E██████████
## Suggested Mitigation/Remediation Actions
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-site Scripting (XSS) - Reflected
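The report leaves the remediation section empty, so the following is an added example, not code from the report or from the affected application. It renders the proof-of-concept value with and without HTML encoding and includes a small regression check. It assumes the value is reflected inside a double-quoted attribute, which the `%22%3E` prefix of the payload suggests; the parameter name `q` and the `<input>` template are hypothetical because the real ones are redacted.

```javascript
// Constructed example: the parameter name "q" and the <input> template are
// assumptions; the real parameter and markup are redacted in the report.

// Query-string value from the report's proof of concept (still percent-encoded).
const POC_RAW = "%22%3E%3Csvg/onload=alert(1)%3E";

// Vulnerable pattern: the decoded value is concatenated straight into a
// double-quoted attribute, so a '"' followed by '>' closes the attribute and the tag.
function renderUnsafe(value) {
  return `<input type="text" name="q" value="${value}">`;
}

// Output encoding for HTML body and quoted-attribute contexts.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened pattern: same template, value encoded at the point of output.
function renderSafe(value) {
  return `<input type="text" name="q" value="${escapeHtml(value)}">`;
}

// Crude regression check (not an HTML parser): counts opening tags in the
// rendered fragment. The template has exactly one, so more than one means the
// reflected value escaped its attribute and introduced markup of its own.
function countTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

const decoded = decodeURIComponent(POC_RAW); // what the server sees after URL decoding
console.log("unsafe:", renderUnsafe(decoded), "tags:", countTags(renderUnsafe(decoded)));
console.log("safe:  ", renderSafe(decoded), "tags:", countTags(renderSafe(decoded)));
```

The encoding must match the output context: this table covers HTML text and quoted attributes, not values placed inside `<script>` blocks, URLs, or unquoted attributes.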