XSS in https://merchant.kartpay.com/settlements

**Parameter** ``Search`` **Payload** ``"><img src=x onerror=alert(domain)>`` **URL** ``https://merchant.kartpay.com/settlements`` **Steps to reproduce** 1. Go to URL: https://merchant.kartpay.com/settlements 2. Enter above payload. 3. You will see xss payload getting executed. {F535235} {F535234} {F535236} ## Impact Cross-site scripting is a flaw that allows users to inject HTML or JavaScript code into a page enabling arbitrary input. There are two main variants of XSS, stored and reflected.