[XSS] Reflected XSS via POST request in (███████)
Team Summary
Official summary from Mars
A reflected Cross-Site Scripting (XSS) vulnerability is identified in the celular parameter of a POST request to the homepage of a Mars-owned website. The vulnerability is classified as medium severity with a CVSS score of 6.2. The application fails to properly sanitize user input before rendering it in the response, which allows arbitrary JavaScript code to be executed in the victim's browser context. This vulnerability was initially reported on May 14, 2025, and was subsequently verified by the security team. After remediation efforts, the issue was confirmed as resolved on June 11, 2025. The vulnerability falls under CWE-79 (Improper Neutralization of Input During Web Page Generation), which is a common web security issue that can lead to client-side code execution if exploited successfully.
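The failure mode described in the summary, shown beside a corrected handler. This is an added example, not code from the affected site or from the report. The form markup, the function names, the phone-number allowlist and the sample request bodies are assumptions made for illustration; only the parameter name celular and the POST method come from the summary.

```python
import html
import re
from urllib.parse import parse_qs

# Assumption: celular carries a phone number, so a narrow allowlist is possible.
PHONE_RE = re.compile(r"[0-9+() \-]{6,20}")

# Hypothetical homepage form that re-renders the submitted value.
FORM = '<form method="post" action="/">{error}<input name="celular" value="{value}"></form>'

# Constructed sample bodies (application/x-www-form-urlencoded).
MARKUP_BODY = b"celular=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E"
VALID_BODY = b"celular=%2B55+11+91234-5678"


def parse_celular(body: bytes) -> str:
    """Extract and URL-decode the celular field from a POST body."""
    fields = parse_qs(body.decode("utf-8", "replace"), keep_blank_values=True)
    return fields.get("celular", [""])[0]


def render_vulnerable(body: bytes) -> str:
    """CWE-79 pattern: the decoded value is placed into the markup unencoded."""
    return FORM.format(error="", value=parse_celular(body))


def render_hardened(body: bytes) -> str:
    """Validate against the allowlist and HTML-encode everything echoed back."""
    value = parse_celular(body)
    error = "" if PHONE_RE.fullmatch(value) else "<p>invalid phone number</p>"
    # quote=True also encodes " and ', which matters inside an attribute value.
    return FORM.format(error=error, value=html.escape(value, quote=True))


if __name__ == "__main__":
    print(render_vulnerable(MARKUP_BODY))
    print(render_hardened(MARKUP_BODY))
    print(render_hardened(VALID_BODY))
```

Output encoding is the control that closes the reflection; the allowlist only narrows what the field accepts and should not be relied on alone.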
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Submitted
Weakness: Cross-site Scripting (XSS) - Reflected