+- Dark C0d3rs (https://darkcoders.wiki)
+-- Forum: Exploit Log (https://darkcoders.wiki/Forum-Exploit-Log)
+--- Forum: Research Papers/Vulnerability reports (https://darkcoders.wiki/Forum-Research-Papers-Vulnerability-reports)
+--- Thread: HackerOne Disclosed Reports - 2025-07-28 (/Thread-HackerOne-Disclosed-Reports-2025-07-28)
HackerOne disclosed reports - 2025-07-28 - hashXploiter - 07-29-2025
Medium
resolved
resolved
RXSS on ██████ via customerId parameter
Bug reported by 0xUN7H1NK4BLE was disclosed at July 28, 2025, 7:17 pm | Cross-site Scripting (XSS) - Reflected
A Reflected Cross-Site Scripting (XSS) vulnerability was identified on the Mars website at ██████. The vulnerability was located in the customerId parameter, which was inadequately sanitized before being reflected back to users in the HTTP response. When the parameter was manipulated with malicious JavaScript code, the injected script was executed in the context of the user's browser.