Authored by Omar Hashim

Nortek Linear eMerge E3-Series version 0.32-07p suffers from a vulnerability where session fixation chained with cross-site scripting can allow for account takeover.

advisories | CVE-2022-31798

# Exploit Title: Nortek Linear eMerge E3-Series - Account Take Over
# Exploit Author: Omar Hashim
# Version: 0.32-07p
# Vendor home page:
# Authentication Required: No
# CVE: CVE-2022-31798

# Description
There is a local session fixation issue that, when chained with reflected
cross-site scripting, leads to account takeover of admin or less privileged users.
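
The two server-side controls that break this chain, as an added example (not code from the advisory or the vendor): issue a fresh session identifier at login, and HTML-encode any reflected input. `SessionStore`, `render_reflected`, `fixation_outcome` and the sample identifier are hypothetical; the device's actual session handling is not described on this page.

```python
import html
import secrets


class SessionStore:
    """Hypothetical in-memory session table: session id -> attributes."""

    def __init__(self, rotate_on_login):
        self.rotate_on_login = rotate_on_login
        self.sessions = {}

    def start(self, presented_id=None):
        # An id this server already issued is reused as-is.
        if presented_id in self.sessions:
            return presented_id
        # Weak mode adopts an unknown client-supplied id (the fixation
        # precondition); hardened mode only ever uses ids it generated.
        if presented_id and not self.rotate_on_login:
            sid = presented_id
        else:
            sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None}
        return sid

    def login(self, sid, user):
        # Credential check omitted; assume it succeeded for `user`.
        if self.rotate_on_login:
            # Invalidate the pre-authentication id and issue a new one.
            self.sessions.pop(sid, None)
            sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": user}
        return sid

    def whoami(self, sid):
        return self.sessions.get(sid, {}).get("user")


def render_reflected(value):
    # Encode before echoing a request parameter back into HTML.
    return "<p>Result for: " + html.escape(value, quote=True) + "</p>"


def fixation_outcome(rotate_on_login):
    """Return the user bound to an id that was known before login."""
    store = SessionStore(rotate_on_login)
    known_id = "constructed-known-id"  # constructed sample value
    sid = store.start(known_id)
    store.login(sid, "admin")
    return store.whoami(known_id)
```

Without rotation the pre-login identifier ends up bound to the authenticated user; with rotation it is bound to nobody. Marking the session cookie `HttpOnly` additionally keeps script from reading the new identifier.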

# Proof Of Concept:
src=x onerror=alert(document.location)>