Hi,
I found a reflected XSS on [].
The parameter yyy is missing sanitization in the following URL:
[]
Payload:
.......
1- Open the following link
2- XSS will trigger
[ss]
- hostile code insertion
- session hijacking
- user browser corruption
- encode special characters like ' " < >
https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)
Best regards,
@Splint3r7
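
The remediation named in the report (encoding `'`, `"`, `<`, `>`), as an added example that is not part of the original report. The parameter name `yyy` is the report's placeholder; the page template, the function names and the sample URL are constructed for illustration.

```javascript
// Added example: output-encode a reflected query parameter before it is
// written into HTML. Everything except the parameter name "yyy" is assumed.

const HTML_ENTITIES = {
  '&': '&amp;', // encoded as well, so input cannot smuggle ready-made entities
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

// Safe for HTML element content and quoted attribute values only.
// Script, CSS and URL contexts each need their own encoder.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// "Before" form: the parameter is concatenated into markup unchanged.
function renderUnsafe(query) {
  const v = query.get('yyy') ?? '';
  return `<input name="yyy" value="${v}"><p>Results for ${v}</p>`;
}

// Hardened form: the same template, with the value encoded at output time.
function renderSafe(query) {
  const v = encodeHtml(query.get('yyy') ?? '');
  return `<input name="yyy" value="${v}"><p>Results for ${v}</p>`;
}

// Regression check: count the tags in the rendered page. The template itself
// has exactly three (<input>, <p>, </p>); any more came from reflected input.
function tagCount(html) {
  return (html.match(/<\/?[a-z][^>]*>/gi) || []).length;
}

// Constructed sample request; the value decodes to: "><b>x</b>'
const SAMPLE_URL = 'https://app.example/search?yyy=%22%3E%3Cb%3Ex%3C%2Fb%3E%27';
const sampleQuery = new URL(SAMPLE_URL).searchParams;

console.log('unsafe tags:', tagCount(renderUnsafe(sampleQuery)));
console.log('safe tags:  ', tagCount(renderSafe(sampleQuery)));
```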