[www.███] Reflected Cross-Site Scripting
Medium
Vulnerability Details
**Description:**
Good morning, there's a reflected cross-site scripting vulnerability on https://www.██████████/█████
There was some difficulty in making a payload for this vulnerability, mainly due to the WAF blocking some vectors; but exploitation is still possible.
Here's a proof of concept showing an alert popup.
https://www.████/███████?██████=-20a")});a=alert;a(1);//
## References
## Impact
A reflected cross-site scripting vulnerability can allow common client-side attacks.
## System Host(s)
www.██████████
## Affected Product(s) and Version(s)
## CVE Numbers
## Steps to Reproduce
1. Open the following URL: https://www.███/█████?█████=-20a")});a=alert;a(1);//
2. An alert box should pop up, indicating the presence of the vulnerability.
## Suggested Mitigation/Remediation Actions
Report Stats
- Report ID: 1184644
- State: Closed
- Substate: resolved
- Upvotes: 7
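
Added example, not part of the original report: why a value shaped like the PoC parameter escapes a JavaScript string context, and how output encoding for that context keeps it as data. The report does not show the page's markup, so the inline script and the names `onReady` and `setOffset` are hypothetical; the assumption, suggested by the `")});` prefix of the payload, is that the parameter is reflected inside a double-quoted string in an inline script.

```javascript
// Value taken from the PoC URL in the report.
const PAYLOAD = '-20a")});a=alert;a(1);//';

// Vulnerable pattern (constructed): raw concatenation into a JS string literal.
function renderUnsafe(value) {
  return '<script>onReady(function(){setOffset("' + value + '")});</script>';
}

// Encode for a JS string inside an inline <script>: JSON.stringify escapes
// quotes and backslashes; the extra replacements stop "</script>" and HTML
// entities from ending the script element, and cover U+2028/U+2029.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Hardened pattern: the encoder supplies the quotes, the value stays data.
function renderSafe(value) {
  return '<script>onReady(function(){setOffset(' + jsStringLiteral(value) + ')});</script>';
}

// Run the script body against stubs and record what it did.
// `alert` is a counter here, so nothing is displayed.
function probe(html) {
  const body = html.replace(/^<script>/, '').replace(/<\/script>$/, '');
  const seen = { offset: null, alerts: 0 };
  const onReady = (fn) => fn();
  const setOffset = (v) => { seen.offset = v; };
  const alert = () => { seen.alerts += 1; };
  new Function('onReady', 'setOffset', 'alert', 'a', body)(onReady, setOffset, alert);
  return seen;
}

console.log('unsafe:', probe(renderUnsafe(PAYLOAD)));
console.log('safe:  ', probe(renderSafe(PAYLOAD)));
```

In the unsafe rendering the stubbed `alert` is called once and `setOffset` receives only `-20a`; in the hardened rendering `alert` is never called and `setOffset` receives the whole parameter as a string.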