Giulia Melotti Garibaldi

giulia@homepage:~$ cat CVE-2021-45422.txt
#Product: RLM 14.2
#Vendor: Reprise Software
#CVE ID: CVE-2021-45422
#Vulnerability Title: Reflected Cross-Site Scripting
#Severity: Medium
#Author(s): Giulia Melotti Garibaldi
#Date: 2022-01-11

#####################################################

Introduction:

Reprise License Manager 14.2 is affected by a reflected cross-site scripting (XSS) vulnerability in the “count” parameter of /goform/activate_process, reachable via GET. No authentication is required.

#####################################################

Vulnerability PoC:

#GET http://HOST:5054/goform/activate_process?isv=&akey=&hostid=&count=(XSS PAYLOAD) HTTP/1.1
#Host: HOST:5054
#Accept-Language: en-US,en;q=0.5
#Accept-Encoding: gzip, deflate, br
#Connection: keep-alive
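
A defender-side check for the request shape above, added here as an example (not part of the original advisory and not Reprise code): it scans access-log lines for requests to /goform/activate_process whose decoded "count" value is not a plain integer. The combined log format, the integer-only rule for "count" and the sample lines are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/goform/activate_process"  # path named in the advisory
PARAM = "count"                        # reflected parameter named in the advisory
# Assumption: a legitimate "count" is empty or a short decimal integer.
BENIGN = re.compile(r"\d{0,9}")
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_counts(log_lines):
    """Return (line_number, decoded_value) for every request to the affected
    endpoint whose "count" value is not a plain integer."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        # Proxies log absolute URLs, origin servers log paths; urlsplit handles both.
        url = urlsplit(match.group("target"))
        if url.path.rstrip("/") != ENDPOINT:
            continue
        # parse_qs percent-decodes once; keep_blank_values keeps an empty "count=".
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if not BENIGN.fullmatch(value):
                hits.append((number, value))
    return hits


# Constructed sample lines (not captured traffic); addresses are documentation ranges.
SAMPLE_LOG = [
    '198.51.100.7 - - [11/Jan/2022:10:00:01 +0000] "GET /goform/activate_process?isv=&akey=&hostid=&count=5 HTTP/1.1" 200 512',
    '198.51.100.9 - - [11/Jan/2022:10:00:07 +0000] "GET http://HOST:5054/goform/activate_process?isv=&akey=&hostid=&count=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 530',
    '198.51.100.9 - - [11/Jan/2022:10:00:09 +0000] "GET /goform/other?count=%3Cb%3E HTTP/1.1" 404 0',
    '198.51.100.7 - - [11/Jan/2022:10:00:12 +0000] "GET /goform/activate_process?isv=&akey=&hostid=&count= HTTP/1.1" 200 498',
]

if __name__ == "__main__":
    for number, value in suspicious_counts(SAMPLE_LOG):
        print(f"line {number}: count={value!r}")
```

Because the value is decoded only once, a double-encoded value still contains "%" after decoding and is flagged as well.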

