
A reflected Cross-Site Scripting (XSS) vulnerability was identified in the celular parameter of a POST request to the homepage of a Mars-owned website. The vulnerability was classified as medium severity, with a CVSS score of 6.2. The application failed to properly sanitize user input before rendering it in the response, which allowed arbitrary JavaScript code to be executed in the victim's browser context. The vulnerability was initially reported on May 14, 2025, and was subsequently verified by the security team. After remediation efforts, the issue was confirmed as resolved on June 11, 2025. The vulnerability fell under CWE-79 (Improper Neutralization of Input During Web Page…
Mars: [XSS] Reflected XSS via POST request in (███████)

