EPSS
Percentile
21.4%
Missing input check on Identifiers lead to stored XSS.
Identifiers
javascript:alert(document.domain)
Video PoC
P.s.: this exploit works in Firefox and Safari, not Chrome.
This vulnerability is capable of stealing cookies, key logging, etc.