Reflected XSS on error page on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action
Medium
Lab45
Reported by
meryem0x
Vulnerability Details
Technical details and impact analysis
Hi :)
In https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action the `bookmarkPageId` parameter expects a numeric value. If you add an XSS payload instead of a number, an error page is displayed with the XSS.
PoC
`https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action?bookmarkPageId="><img src=x onerror=alert(document.domain)>`
{F816846}
## Impact
XSS can be used to steal cookies or to run arbitrary code in the victim's browser.
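
The following is an added example, not part of the original report and not the application's own code. It shows the class of fix for the behaviour described above: validate `bookmarkPageId` as a number, and HTML-encode anything echoed into the error page. The handler, the function names and the assumption that the value is reflected into an HTML attribute (suggested by the PoC's leading `">`) are hypothetical.

```python
import html
import re

# Constructed sample: the payload shape quoted in the report's PoC.
POC_VALUE = '"><img src=x onerror=alert(document.domain)>'

# ASCII digits only; the 18-digit bound is an assumed limit for a page id.
_DIGITS = re.compile(r"[0-9]{1,18}")


def parse_page_id(raw):
    """Return the id as an int, or None when the value is not a plain number."""
    if raw is None or not _DIGITS.fullmatch(raw):
        return None
    return int(raw)


def error_page_vulnerable(raw):
    """Pattern behind the report (assumed): rejected value echoed unencoded."""
    return '<input type="hidden" name="bookmarkPageId" value="' + raw + '">'


def error_page_hardened(raw):
    """Same markup, with the value encoded for an HTML attribute context."""
    safe = html.escape(raw, quote=True)
    return '<input type="hidden" name="bookmarkPageId" value="' + safe + '">'


def handle_update_bookmark(params):
    """Hypothetical handler: validate first, never reflect the raw value."""
    page_id = parse_page_id(params.get("bookmarkPageId"))
    if page_id is None:
        # Generic message; the offending value is kept out of the response.
        return 400, "<p>Invalid bookmarkPageId: a numeric page id is required.</p>"
    return 200, "<p>Bookmark updated for page %d.</p>" % page_id


if __name__ == "__main__":
    print(error_page_vulnerable(POC_VALUE))   # markup breaks out of the attribute
    print(error_page_hardened(POC_VALUE))     # payload rendered as inert text
    print(handle_update_bookmark({"bookmarkPageId": POC_VALUE}))
```

Validation alone would close this report, but encoding at the point of output also covers any other parameter the same error template might reflect.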
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Cross-site Scripting (XSS) - Reflected