U.S. Dept Of Defense: CSRF Based XSS @ https://██████████
Summary: Good Afternoon Team, I recently discovered subdomain https://██████████/█████████ from a POST Based XSS which when combined with CSRF allows for seemless XSS. ███ HTTP Request POST /██████ HTTP/1.1 Host: █████████ Connection: close Content-Length: 619 Cache-Control: max-age=0 sec-ch-ua:...