postMessage XSS — Crédit Agricole

Attacker origin:  |  Target: https://j-ecorenove.credit-agricole.fr/presentation-monenergiebyca