Cross Site Scripting (XSS) : 

Summary : Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007. 

An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page. For more details on the different types of XSS flaws, see: Types of Cross-Site Scripting.

Severity :  High  

Payload : Enter the payload here 

Complexity : Easy 

From : Remote / External

Impact :An Adversary can carry out XSS attack and also can take the cookie of the Admin and login through Admin Account. 
Also, an adversary can manage to login through any other users account with valid session cookies. 

Affected IP's : IP Address	Port
https://www.example.com/	443

Recommendations : 
Sanitize all the user inputs before executing them, also add XSS protection headers on server and client side.
 
References :
https://www.acunetix.com/websitesecurity/cross-site-scripting/
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet 
https://portswigger.net/web-security/cross-site-scripting 

Proof of Concept :