EXPLOITS

TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS) (Authenticated)

Author: ABABANK REDTEAM
type: webapps
platform: php
port: 
date_added: 2025-03-19  
date_updated: 2025-03-19  
verified: 0  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 52086.txt  

Exploit Title: TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS) (Authenticated)
Date: 10th, March, 2025
Exploit Author: ABABANK REDTEAM
Vendor Homepage: https://compassplustechnologies.com/
Version: 3.2.41.10.26
Tested on: Window Server 2016

1. Login to web application
2. Click on `Entire System` goto `Monitoring` then click on `Terminals
Monitoring`
3. Select any name below `Terminals Monitoring` then click on `Open Object
in Tree`
4. Select on Filter then supply with any filter name then click `Apply
Filter`
5. On the right side select on `Save Settings in Explorer Tree`, on the
`Enter Explorer Item Title` supply the payload <img src=x
onerror=alert(document.domain)> then click OK.

Payload: <img src=x onerror=alert(document.domain)>