XSS on ███████

Disclosed: 2024-08-29 17:45:46 By 0xelkot To deptofdefense
Medium
Vulnerability Details
Hi, I found XSS on █████████

## Steps To Reproduce

1. Go to https://█████████/thredds/dap4/%221%3CScRiPt%3Ealert%289218%29%3C%2FScRiPt%3E
2. You will see that the XSS fires.

## POC

███

## Impact

- Cookie stealing - A malicious user can steal cookies and use them to gain access to the application.
- Arbitrary requests - An attacker can use XSS to send requests that appear to be from the victim to the web server.
- Malware download - XSS can prompt the user to download malware. Since the prompt looks like a legitimate request from the site, the user may be more likely to trust the request and actually install the malware.
- Defacement - An attacker can deface the website using JavaScript code.

Kind Regards,
@0xElkot

## System Host(s)

█████

## Affected Product(s) and Version(s)

## CVE Numbers

## Steps to Reproduce

1. Go to https://██████/thredds/dap4/%221%3CScRiPt%3Ealert%289218%29%3C%2FScRiPt%3E
2. You will see that the XSS fires.

## Suggested Mitigation/Remediation Actions
Report Stats
  • Report ID: 2615670
  • State: Closed
  • Substate: resolved
  • Upvotes: 44
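The reflection pattern behind this report, as an added example that is not part of the report and not THREDDS code: the page only shows that a `<script>` tag placed in the `/thredds/dap4/` path segment fires, so the handler below is a hypothetical stand-in that decodes that segment and echoes it into an HTML error page. It shows the unencoded reflection beside an HTML-escaped version, and the check a triager can run against either response to confirm or rule out the finding. The URL path is the report's own payload; `dataset_from_path`, both `render_error_*` functions and `reflects_script` are assumptions made for the example.

```python
import html
import re
from urllib.parse import unquote

# The report's payload path, copied from the reproduction step (host redacted there).
PAYLOAD_PATH = "/thredds/dap4/%221%3CScRiPt%3Ealert%289218%29%3C%2FScRiPt%3E"

DAP4_PREFIX = "/thredds/dap4/"


def dataset_from_path(path: str) -> str:
    """Hypothetical routing: the dataset name is everything after /thredds/dap4/,
    percent-decoded exactly as a servlet container would hand it to the app."""
    if not path.startswith(DAP4_PREFIX):
        raise ValueError("not a DAP4 path")
    return unquote(path[len(DAP4_PREFIX):])


def render_error_vulnerable(dataset: str) -> str:
    """Vulnerable form (assumed, mirrors what the report observed): the
    user-controlled path segment is interpolated into HTML with no encoding."""
    return f"<html><body><h1>Dataset not found: {dataset}</h1></body></html>"


def render_error_hardened(dataset: str) -> str:
    """Hardened form: HTML-escape the value for the element context it lands in.
    quote=True also encodes the leading double quote in the payload, which matters
    if the same value is ever placed inside an attribute."""
    return (
        "<html><body><h1>Dataset not found: "
        f"{html.escape(dataset, quote=True)}</h1></body></html>"
    )


# A real <script> start tag in the body, case-insensitive so <ScRiPt> is caught.
_SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def reflects_script(response_body: str) -> bool:
    """Triage check: does the response contain an unencoded script start tag?
    Escaped output (&lt;ScRiPt&gt;) has no literal '<' and so does not match."""
    return _SCRIPT_TAG.search(response_body) is not None


if __name__ == "__main__":
    name = dataset_from_path(PAYLOAD_PATH)
    print("decoded segment:", name)
    print("vulnerable reflects script:", reflects_script(render_error_vulnerable(name)))
    print("hardened reflects script:  ", reflects_script(render_error_hardened(name)))
```

The check deliberately looks for a literal start tag rather than the string `alert(9218)`: the alert text survives correct encoding unchanged, so matching on it would flag a fixed page as still vulnerable, whereas a literal `<script` can only appear if the value was written into HTML unencoded.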