CVE-2021-45422
published 2022-01-13


Priority: P181 · medium · 6.1 (CVSS 3.1)
CVSS vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 3.31% (87.0th percentile)
Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET. No authentication is required.

Affected (1 range)

Vendor: reprisesoftware
Product: reprise_license_manager
Version range: >= 14.2, < 16.0
Fixed in: 16.0

Detection & IOCs (extracted from sources)

URL: /goform/activate_process?isv=&akey=&hostid=&count=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
Path: /goform/activate_process

  • Probe for XSS by sending a GET request to /goform/activate_process with the 'count' parameter set to the XSS payload; a vulnerable response body will contain the string 'value="">alert(document.domain)">alert(document.domain))'.
  • No authentication is required to trigger the vulnerability; any unauthenticated GET request to the endpoint with a crafted 'count' parameter is sufficient for exploitation.
  • Identify exposed Reprise License Manager instances via Shodan using HTML body keywords, or via FOFA/Google dork targeting the /goforms/menu path.
  • The HTTP response must return status 200 and a Content-Type header containing 'text/html', alongside the reflected XSS payload in the body, to confirm exploitation.
  • The vulnerability specifically affects Reprise License Manager version 14.2; other versions are not confirmed vulnerable by the available sources.
  • The XSS is reflected (not stored) and is triggered only via GET with a crafted 'count' parameter; exploitation requires victim interaction (UI:R per CVSS).

CVSS provenance

Source     | CVSS version | Score | Severity | Vector
nvd        | v3.1         | 6.1   | MEDIUM   | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd        | v2.0         | 4.3   | MEDIUM   | AV:N/AC:M/Au:N/C:N/I:P/A:N
vulncheck  |              | 6.1   | MEDIUM   |