Cache Poisoning Allows Zero Interaction Store XSS
Medium
Vulnerability Details
## Steps To Reproduce:
**Attacker Step**
1. Log in to your account ``https://www.trendyol.com/en/login``
2. Then go to this URL ``https://www.trendyol.com/en/account``
3. Then refresh this page, intercept the request, and send it to the Repeater tab.
4. Then change the **User-Agent:** header value to ``</script><img src=1 onerror="Function('ale'+'rt(document.cookie)')()">`` and add the **sw.js** parameter.
5. Send 3 requests.
**As the victim:**
1. Go to this URL ``https://www.trendyol.com/en/account?sw.js``. Now you can see that the stored XSS is executed.
{F3900026}
## Impact
Stored XSS in www.trendyol.com
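
The two server-side controls that break this chain, as an added example that is not part of the original report or Trendyol's code. It assumes the User-Agent value was written into an inline script block and that a shared cache keyed on method and URL stored the response; all function names and the sample header value are hypothetical.

```javascript
// Added illustration; names are hypothetical, not the vendor's code.

// Serialize untrusted data for embedding inside an inline <script> block.
// JSON.stringify alone leaves "</script>" intact, so the HTML parser would
// still terminate the script element. Escape the characters the HTML and
// JS parsers treat specially; the result is still valid JSON/JS.
function serializeForInlineScript(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Decide whether a shared cache may store a response.
// Assumption: the cache key is method + URL plus request headers named in Vary,
// so any reflected header missing from Vary is an unkeyed input.
function isSafeToCache({ reflectedHeaders, varyHeaders, isAuthenticated }) {
  if (isAuthenticated) return false; // per-user pages never go in a shared cache
  const vary = new Set(varyHeaders.map((h) => h.toLowerCase()));
  return reflectedHeaders.every((h) => vary.has(h.toLowerCase()));
}

// Cache-Control is derived from the response's properties, never from the
// shape of the URL (path suffix or query string).
function cacheControlFor(response) {
  return isSafeToCache(response) ? "public, max-age=300" : "private, no-store";
}

// Constructed sample input: a header value that tries to close the script tag.
const sampleUserAgent = "Mozilla/5.0 </script><b>constructed</b>";
const inlineScript =
  "<script>window.__UA__ = " + serializeForInlineScript(sampleUserAgent) + ";</script>";

// An account page that reflects User-Agent while Vary lists only Accept-Encoding.
const accountPagePolicy = cacheControlFor({
  reflectedHeaders: ["User-Agent"],
  varyHeaders: ["Accept-Encoding"],
  isAuthenticated: true,
});

console.log(inlineScript);
console.log(accountPagePolicy);
```

Either control alone stops the behaviour reported here: the escaped value cannot leave the script context, and an uncached response cannot be served to a second user.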
- Report ID: 2917062
- State: Closed
- Substate: resolved
- Upvotes: 6