BugCrowd Bug Bounty Disclosure: P3 – Reflected XSS in `type` parameter on nlsp.nasa.gov – Marcel_Malaeb

October 30, 2025
Reflected XSS in `type` parameter on nlsp.nasa.gov

Reflected XSS in `type` parameter on nlsp.nasa.gov

Researcher: Marcel_Malaeb
Engagement: National Aeronautics and Space Administration (NASA) – Vulnerability Disclosure Program
Disclosed at: 2025-10-30T13:59:55Z
Priority: P3
Status: Resolved

Summary

This submission reports a Reflected Cross-Site Scripting (XSS) vulnerability in the type parameter on nlsp.nasa.gov. The vulnerability allows an attacker to inject and execute arbitrary JavaScript in a user’s browser via a crafted URL. It was validated and triaged by Bugcrowd but marked as unresolved by NASA.

Users of this system should ensure proper input sanitization to prevent malicious script execution.

Activity Feed

Actor Details Timestamp (UTC)
Marcel_Malaeb Marcel_Malaeb sent a: message 2025-10-30T15:37:19Z
Martin_NASA Martin_NASA published 2025-10-30T13:59:55Z
Martin_NASA Martin_NASA sent a: message 2025-10-30T13:59:43Z
Marcel_Malaeb Marcel_Malaeb sent a: message 2025-10-29T21:44:58Z
Person_Bugcrowd Person_Bugcrowd changed the state to to resolved 2025-10-29T20:09:59Z
Marcel_Malaeb Marcel_Malaeb sent a: message 2025-10-28T12:37:57Z
Marcel_Malaeb Marcel_Malaeb sent a: message 2025-10-16T21:50:56Z
lemonade-bugcrowd lemonade-bugcrowd marked the response request as resolved 2025-09-26T07:46:03Z
lemonade-bugcrowd lemonade-bugcrowd sent a: message 2025-09-26T07:46:03Z
Marcel_Malaeb Marcel_Malaeb submitted a response request from 2025-09-25T19:07:49Z
Marcel_Malaeb Marcel_Malaeb sent a: message 2025-09-16T16:20:45Z
Martin_NASA Martin_NASA marked the response request as resolved 2025-09-16T15:46:20Z
Martin_NASA Martin_NASA sent a: message 2025-09-16T15:46:19Z
Marcel_Malaeb Marcel_Malaeb submitted a response request from 2025-09-16T15:30:47Z
Marcel_Malaeb Marcel_Malaeb requested 2025-09-13T11:50:38Z
Marcel_Malaeb Marcel_Malaeb sent a: message 2025-09-12T20:09:23Z
Marcel_Malaeb Marcel_Malaeb sent a: message 2025-08-28T15:37:35Z
Marcel_Malaeb Marcel_Malaeb sent a: message 2025-08-24T22:20:19Z
Martin_NASA Martin_NASA changed the state to to unresolved 2025-08-22T15:26:29Z
Mason357_Bugcrowd Mason357_Bugcrowd sent a: message 2025-08-20T16:30:03Z
Mason357_Bugcrowd Mason357_Bugcrowd changed the state to to triaged 2025-08-20T16:29:57Z
Marcel_Malaeb Marcel_Malaeb created the submission 2025-08-19T23:09:19Z

Support Our Work

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.

AI APIs OSINT driven New features
Buy Me A Coffee Patreon
Tags: , ,

You may have missed

Bugcrowd Logo

BugCrowd Bug Bounty Disclosure: P3 – Reflected XSS in `type` parameter on nlsp.nasa.gov – Marcel_Malaeb

October 30, 2025
image

[AKIRA] – Ransomware Victim: Econo-Pak

October 30, 2025
image

[RANSOMHOUSE] – Ransomware Victim: ASKUL

October 30, 2025
image

[AKIRA] – Ransomware Victim: RPI Roofing

October 30, 2025
image

[AKIRA] – Ransomware Victim: The Gerson

October 30, 2025