# NorthStar C2 agent RCE via stored XSS
Agent RCE PoC for CVE-2024-28741, a stored XSS vulnerability in NorthStar C2.

This exploit works by sending multiple malicious agent registration requests to the teamserver to incrementally build a functioning javascript payload in the logs web page. This XSS can be leveraged to execute commands on NorthStar C2 agents

Full explanation: