Key information

CVE ID: CVE-2024-35321
Exploit Title: MyNet
Date: 10/05/2024
Exploit Author: André Monteiro & Manuel Tavares
Vendor Homepage: https://www.arc.pt/
Software Link: https://www.arc.pt/solucoes-servicos/solucoes?segment=MYN
Version: <= 26.08, latest version tested
CVE: CVE-2024-35321

Description: The msgtipo parameter in MyNet versions 26.08 and earlier is vulnerable to XSS by unauthenticated users due to insufficient input sanitization and output encoding.

Proof of Concept (PoC)

To reproduce the vulnerability, provide the victim with the following link containing the specific payload in the parameter:
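
The following is an added example, not part of the original advisory and not the PoC link referred to above: a defender's log check that flags requests whose msgtipo value decodes to markup characters. The access-log format, the /example/page path and the sample lines are constructed, and treating markup characters in msgtipo as anomalous is an assumption about legitimate use.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

PARAM = "msgtipo"  # parameter named in the advisory
# Assumption: legitimate values are plain tokens, so markup metacharacters are suspicious.
SUSPICIOUS = re.compile(r"[<>\"'`]|javascript:", re.IGNORECASE)
# Request field of a combined-format access log line (constructed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; the path is a placeholder and the values are harmless markup.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/May/2024:10:00:00 +0000] "GET /example/page?msgtipo=info HTTP/1.1" 200 512',
    '203.0.113.8 - - [10/May/2024:10:00:05 +0000] "GET /example/page?id=1&msgtipo=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 530',
    '203.0.113.9 - - [10/May/2024:10:00:09 +0000] "GET /example/page?msgtipo=%253Cb%253Ex HTTP/1.1" 200 530',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_msgtipo(log_line):
    """Return the decoded msgtipo value if it contains markup characters, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    query = urlsplit(match.group(1)).query
    # parse_qs performs the first round of decoding; fully_decode handles the rest.
    for raw in parse_qs(query, keep_blank_values=True).get(PARAM, []):
        value = fully_decode(raw)
        if SUSPICIOUS.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, 1):
        value = suspicious_msgtipo(line)
        if value is not None:
            hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: msgtipo decodes to {value!r}")
```

A hit only shows that a request carried markup in msgtipo; whether it was reflected unencoded depends on the installed MyNet version.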