CVE-2022-28363 PoC — Reprise Software Reprise License Manager 跨站脚本漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-28363.yaml

Associated Vulnerability

Title:Reprise Software Reprise License Manager 跨站脚本漏洞 (CVE-2022-28363)
Description:Reprise Software Reprise License Manager是美国Reprise Software公司的软件许可工具包，为商业软件应用程序的发布者提供本地和基于云的许可证管理，许可证实施和产品激活解决方案。 Reprise License Manager 14.2版本存在跨站脚本漏洞，该漏洞源于/goform/login_process的username参数通过GET请求导致跨站点脚本漏洞（XSS）。

Description

Reprise License Manager 14.2 contains a reflected cross-site scripting vulnerability in the /goform/login_process 'username' parameter via GET, whereby no authentication is required.

File Snapshot


 id: CVE-2022-28363

info:
  name: Reprise License Manager 14.2 - Cross-Site Scripting
  author: Akin

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!