RXSS on ██████ via customerId parameter

A Reflected Cross-Site Scripting (XSS) vulnerability is identified on the Mars website at ██████. The vulnerability is located in the customerId parameter which is inadequately sanitized before being reflected back to users in the HTTP response. When the parameter is manipulated with malicious JavaScript code, the injected script is executed in the context of the user's browser. Specifically, the vulnerability can be exploited by utilizing the oncontentvisibilityautostatechange event attribute which is not properly filtered or encoded by the application. This security flaw allows an attacker to craft malicious URLs containing JavaScript payloads that execute when accessed by victims. The vulnerability was confirmed to be exploitable in Chrome browser but not in Firefox, suggesting possible browser-specific filter bypasses are being utilized.