Summary by Marcel_Malaeb
This submission reports a Reflected Cross-Site Scripting (XSS) vulnerability in the type parameter on nlsp.nasa.gov. The vulnerability allows an attacker to inject and execute arbitrary JavaScript in a user’s browser via a crafted URL. It was validated and triaged by Bugcrowd but marked as unresolved by NASA.
Users of this system should ensure proper input sanitization to prevent malicious script execution.