CVE-2022-47373 PoC — Reflected Cross Site Scripting in Search Functionality of Module Library

Source

https://github.com/Argonx21/CVE-2022-47373

Associated Vulnerability

Title:Reflected Cross Site Scripting in Search Functionality of Module Library (CVE-2022-47373)
Description:Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises on the forget password functionality in which parameter username does not proper input validation/sanitization thus results in executing malicious JavaScript payload.

Description

Reflected Cross Site Scripting Vulnerability in PandoraFMS <= v766

Readme

# CVE-2022-47373
Reflected Cross Site Scripting Vulnerability in PandoraFMS <= v766


##### > Exploit Title: Reflected Cross Site Scripting
##### > Date: 15/02/2023
##### > Exploit Author: Gaurish Kauthankar
##### > Vendor Homepage: https://pandorafms.com/en/
##### > Software Link: https://github.com/pandorafms/pandorafms
##### > Version: <= v766
##### > Tested on: Ubuntu
##### > CVE : CVE-2022-47373


### Steps to reproduce:  
1. Add xss payload in the search functionality present in module library section.  
2. Observe payload execution.  
3. Now share the url containing xss payload with the victim user to steal cookies, redirecting to evil website, etc.

File Snapshot


 [4.0K]  /data/pocs/bdbb2fbb8f5dbdb58bc10aa2cca6d794ac7a4690
└── [ 665]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!