Document reflected XSS vuln

tuxology · tuxology · commit 2b6c38bb4b36 · 2017-10-10T16:01:25.000-07:00
diff --git a/README.md b/README.md
@@ -71,3 +71,13 @@ Customer;Month;Volume
 Netflix;January;200,000
 Palo Alto;January;200,000
 ```
+
+### XSS
+
+A reflected XSS vulnerability exists in the application and can be triggered using the _hidden_ `/debug` endpoint as follows:
+
+```
+http://localhost:8080/debug?customerId=1&clientId=1&firstName=a&lastName=b&dateOfBirth=123&ssn=123&socialSecurityNum=1&tin=123&phoneNumber=5432<scriscriptpt>alert(1)</sscriptcript>
+```
+
+It raises and alert dialogue and returns the Customer object data.
