:A reflected Cross-Site Scripting vulnerability exists within the DiveBook log’s filter functionality. Arbitrary URL parameters are reflected into the application’s response, rendered by the browser as HTML or JavaScript. An attacker may abuse this functionality by sending a victim a crafted link containing JavaScript, which will execute within the context of the victim’s browser. The “scrolled” parameter is also vulnerable." Note (WPScanTeam): The attack will only work with web browsers not encoding URL parameters
The PoC will be displayed once the issue has been remediated