PlayStation: Reflected XSS on transact.playstation.com using postMessage from the opening window
Report Summary: When transact.playstation.com loads, it handles messages received via postMessage in the receiveMessageFromTransactClientService method. The only validation performed is to ensure that the referrer and origin match: javascript receiveMessageFromTransactClientService:...
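The weakness the summary describes, shown as an added example that is not code from the report or from PlayStation: a check that compares the message origin with the referrer is satisfied by whichever page opened the window, while a fixed allowlist is not. The function names, the `*.example` origins and the message types are assumptions made for this illustration.

```javascript
// Added illustration; function names, origins and message types are hypothetical.

// Returns the origin of a URL string, or null if it does not parse.
function originOf(url) {
  try {
    return new URL(url).origin;
  } catch (e) {
    return null;
  }
}

// Weak pattern described in the summary: accept the message when the sender's
// origin equals the origin of document.referrer. Both values are determined by
// whichever page opened this window, so the check authenticates nobody.
function weakCheck(event, referrer) {
  const ref = originOf(referrer);
  return ref !== null && event.origin === ref;
}

// Hardened pattern: compare event.origin to a fixed allowlist, then require a
// plain-object payload with an expected type before any field is used.
const TRUSTED_ORIGINS = new Set(["https://trusted.example"]); // placeholder
const ALLOWED_TYPES = new Set(["init", "close"]);              // placeholder

function strictCheck(event) {
  if (!TRUSTED_ORIGINS.has(event.origin)) return false;
  const d = event.data;
  if (d === null || typeof d !== "object" || Array.isArray(d)) return false;
  return typeof d.type === "string" && ALLOWED_TYPES.has(d.type);
}

// Constructed sample events (not captured traffic).
const fromUntrustedOpener = { origin: "https://untrusted.example", data: { type: "init" } };
const fromTrustedOpener = { origin: "https://trusted.example", data: { type: "init" } };

// Runs both checks over the samples and returns the verdicts.
function demo() {
  return {
    weakUntrusted: weakCheck(fromUntrustedOpener, "https://untrusted.example/page.html"),
    weakNoReferrer: weakCheck(fromTrustedOpener, ""),
    strictUntrusted: strictCheck(fromUntrustedOpener),
    strictTrusted: strictCheck(fromTrustedOpener),
    strictBadType: strictCheck({ origin: "https://trusted.example", data: { type: "other" } }),
  };
}
```

In a page, `strictCheck` would be the first statement of the `message` event listener, with the handler returning early when it yields `false`.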