Summary by MandipGuragai
A reflected XSS vulnerability was discovered on a NASA subdomain via unsanitized User-Agent input. The initial report was marked as Informational, but this submission demonstrates a full exploit chain using a proxy-based payload to trigger JavaScript execution on a trusted NASA URL. This can lead to session hijacking and phishing attacks. The issue was responsibly reported via Bugcrowd.