@damodarnaik
Created October 17, 2023 17:37
CVE-2022-45436

Vulnerability Title: Reflected Cross Site Scripting - Network maps editor module
Vendor Homepage: https://pandorafms.com/en/
Version: <= v765
CVE: CVE-2022-45436
CVSS 3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N (4.8 Medium)
Exploit Author: Damodar Naik
Date: 02/14/2023

Steps to reproduce:

  1. Navigate to Topology maps -> Network map as an attacker, and click on the help button.
  2. Capture the request in Burp Suite and insert the XSS payload into the b parameter.
  3. Using some phishing technique, lure the admin or any other user into visiting the URL.
  4. The XSS payload gets executed.
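
Detection for the steps above, as an added example that is not part of the original gist or of Pandora FMS: it scans web access logs for requests whose b parameter decodes to markup, including double-encoded values. The log lines, the placeholder path and the rule that a legitimate help-topic value never contains quotes or angle brackets are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')
# Assumption: a help-topic identifier never needs these characters or this scheme.
MARKUP_RE = re.compile(r'[<>"\'`]|javascript:', re.IGNORECASE)
PARAM = "b"  # parameter named in the advisory


def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_lines):
    """Return (line_number, decoded_value) for requests whose `b` holds markup."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group("target")).query
        # parse_qsl performs the first round of percent-decoding.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name == PARAM:
                decoded = fully_decode(value)
                if MARKUP_RE.search(decoded):
                    hits.append((number, decoded))
    return hits


# Constructed sample log lines; the path is a placeholder, not the product's real route.
SAMPLE_LOG = [
    '203.0.113.5 - - [14/Feb/2023:10:00:01 +0000] "GET /HELP_PATH_PLACEHOLDER?b=network_map HTTP/1.1" 200 512',
    '203.0.113.9 - - [14/Feb/2023:10:02:17 +0000] "GET /HELP_PATH_PLACEHOLDER?b=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 640',
    '203.0.113.9 - - [14/Feb/2023:10:03:40 +0000] "GET /HELP_PATH_PLACEHOLDER?a=1&b=%2522%253E%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 655',
    '203.0.113.7 - - [14/Feb/2023:10:05:02 +0000] "GET /HELP_PATH_PLACEHOLDER?a=%3Cb%3E HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: b={value!r}")
```

Because the CVSS vector requires user interaction, a hit whose Referer or source differs from normal console navigation is the case worth triaging first.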