6 matches found
Mars: RXSS on ██████ via customerId parameter
A Reflected Cross-Site Scripting (XSS) vulnerability was identified on the Mars website at ██████. The vulnerability was located in the customerId parameter, which was inadequately sanitized before being reflected back to users in the HTTP response. When the parameter was manipulated with malicious...
Mars: Sqli on ██████ search functionality
A SQL injection vulnerability was reported on the search functionality of the ██████ website. The vulnerability allowed an attacker to inject malicious SQL code into the search query...
Mars: sqli on █████████ search functionality
A SQL injection vulnerability was found in the search functionality of the █████████ website...
Mars: ' Full Account Takeover ' at █████
A severe vulnerability was identified in the login functionality of a website belonging to Mars. An unauthorized actor could manipulate the server's response from the ██████████ endpoint to gain unauthorized access to any user account on the platform, leading to a full account takeover...
Mars: Jolokia Reflected XSS
Summary: Salam. Hi team, I hope you are well. After doing some recon on mars.com I saw that the website uses Jolokia 1.3.5; it's vulnerable to reflected XSS. Steps To Reproduce: 1. Vuln Link: https://couponsmanager-uat.b2b.mars.com/jolokia/read%3Csvg%20onload=alertdocument.cookie%3E?mimeType=text/htm...
mars.nasa.gov XSS vulnerability
Open Bug Bounty ID: OBB-291196

Description| Value
---|---
Affected Website:| mars.nasa.gov
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...