Summary by National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program
This is self inflicted XSS. Very limited to no risk.
RXSS On https://www1-2-pz.sewp.nasa.gov/
Disclosed by asjadbutt- Engagement National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program
- Disclosed date 12 months ago
- Priority P5 Bugcrowd's VRT priority rating
- Status Informational This vulnerability is seen as an accepted business risk
Summary by asjadbutt
A reflected Cross-Site Scripting (XSS) vulnerability was identified in the website's search functionality. This vulnerability allows an attacker to inject malicious client-side scripts into the search field, which are then "reflected" back to the user's browser as part of the search results page. When the browser renders the page, the malicious script executes within the context of the vulnerable website.