[████████] RXSS via "CurrentFolder" parameter

The website █████ is vulnerable to reflected cross-site scripting via the `CurrentFolder` parameter. ## How to reproduce? Visit: https://██████/landpower/resources.aspx?Directory=/20/&ParentID=27&CurrentFolder=%3Cimg%20src%20onerror=alert(domain)%3EResources&ID=17263 ███ ## Resources: https://portswigger.net/web-security/cross-site-scripting ## Impact An attacker who exploits a cross-site scripting vulnerability is typically able to: * Impersonate or masquerade as the victim user. * Carry out any action that the user is able to perform. * Read any data that the user is able to access. * Capture the user's login credentials. * Perform virtual defacement of the web site. * Inject trojan functionality into the web site. ## System Host(s) ████ ## Affected Product(s) and Version(s) ## CVE Numbers ## Steps to Reproduce Visit: https://██████████/landpower/resources.aspx?Directory=/20/&ParentID=27&CurrentFolder=%3Cimg%20src%20onerror=alert(domain)%3EResources&ID=17263 ## Suggested Mitigation/Remediation Actions Escape user input