Prima access control 2.3.35 hwname persistent crosssite scripting Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2019-11-12 |
Type : webapps |
Platform : alpha
This exploit / vulnerability Prima access control 2.3.35 hwname persistent crosssite scripting is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Prima Access Control 2.3.35 - 'HwName' Persistent Cross-Site Scripting
# Google Dork: NA
# Date: 2019-11-11
# Exploit Author: LiquidWorm
# Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/
# Software Link: https://www.computrols.com/building-automation-software/
# Version: 2.3.35
# Tested on: NA
# CVE : CVE-2019-7671
# Advisory: https://applied-risk.com/resources/ar-2019-007
# Paper: https://applied-risk.com/resources/i-own-your-building-management-system
# Prima Access Control 2.3.35 Authenticated Stored XSS