Hi team
I found a reflected XSS via the search query on ████████ that allows an attacker to execute JavaScript code in the victim's browser.
1- Doing subdomain enumeration of ██████████, I found the following one: ████████
2- In the search query I saw that the input is injected inside an h6 HTML tag:
██████████
3- So, to escape the HTML, I used the following payload to trigger the XSS: </h6><image/src/onerror=alert(document.cookie)>
████
Incorrect sanitization of the search query parameter allows an attacker to execute JS code in the victim's browser.
████
Proof of concept above in the description.
Sanitize input data from the user to avoid HTML/XSS injections.
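Added example (not part of the original report or the affected site's code): a minimal search-results renderer in the vulnerable form the report describes, alongside a hardened version that HTML-escapes the query before placing it in the h6 element. Function names and the check helper are assumptions for the demo.

```javascript
// Vulnerable form: the query is concatenated straight into the markup, so a
// value containing "</h6>" closes the heading and whatever follows is parsed
// by the browser as new HTML.
function renderSearchUnsafe(query) {
  return `<h6>Results for: ${query}</h6>`;
}

// Escape the characters that matter in HTML text and attribute contexts.
function escapeHtml(value) {
  const map = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#39;',
  };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened form: "<" and ">" reach the browser as literal text, not as tag
// delimiters, so the heading cannot be closed early by user input.
function renderSearchSafe(query) {
  return `<h6>Results for: ${escapeHtml(query)}</h6>`;
}

// Crude detection check for this defect class: does any tag other than the
// surrounding <h6> appear in the rendered output? (A regex is sufficient for
// this constructed demo; use a real HTML parser in production tooling.)
function containsInjectedTag(html) {
  const inner = html.replace(/^<h6>|<\/h6>$/g, '');
  return /<\/?[a-z]/i.test(inner);
}

// Constructed input mirroring the payload quoted in the report.
const PAYLOAD = '</h6><image/src/onerror=alert(document.cookie)>';
```

`containsInjectedTag(renderSearchUnsafe(PAYLOAD))` is true while the escaped rendering contains no tag at all, which is the behaviour the remediation above asks for.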