## https://sploitus.com/exploit?id=PACKETSTORM:171307
Exploit Title: Real Time Automation 460MCBS Cross Site Scripting (XSS)  
Date: 2023-03-09  
Exploit Author: Yehia Elghaly  
Vendor Homepage: https://www.rtautomation.com/  
Software Link: https://www.rtautomation.com/product/460mcbs/  
Version: Revision 5.2.14  
Tested on: Real Time Automation   
CVE: N/A  
  
  
Summary: The Real Time Automation 460MCBS moves data between up to 32 Modbus TCP Servers and a BACnet/IP Building Automation System (BAS). It's a perfect tool to tie Modbus TCP power meters, boilers, chillers and other devices into your BACnet/IP Building Automation System.  
  
Description: If an attacker is able to convince a victim to visit a URL referencing the vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. The XSS is triggered when a payload is inserted after (/).  
  
Payload: ?c12yy<script>alert('XSSYF')</script>p1ax8=1  
  
[Affected Component]  
(/)
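
A defender-side check for the request shape described above, added here as an example and not part of the original advisory: it scans web access logs for requests to `/` whose query-parameter names or values contain HTML tag markup (in the payload above the markup sits in the parameter name). The Common Log Format input, the sample lines and all function names are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request target inside a Common Log Format line (log format is an assumption).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Start of an HTML tag such as <script> or </script>.
TAG = re.compile(r"<\s*/?\s*[A-Za-z!]")

# Constructed sample lines; the second carries the advisory's payload, URL-encoded.
SAMPLE_LOG = [
    '10.0.0.5 - - [09/Mar/2023:10:00:01 +0000] "GET /?unit=1&name=boiler HTTP/1.1" 200 512',
    '10.0.0.9 - - [09/Mar/2023:10:00:07 +0000] "GET /?c12yy%3Cscript%3Ealert(%27XSSYF%27)'
    '%3C/script%3Ep1ax8=1 HTTP/1.1" 200 734',
    '10.0.0.5 - - [09/Mar/2023:10:00:09 +0000] "GET /status.htm HTTP/1.1" 200 901',
]

def decode_fully(text, rounds=3):
    """Undo repeated percent-encoding so a twice-encoded tag is still seen."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def suspicious_fields(target):
    """Return (where, text) for query names or values on "/" that contain a tag."""
    parts = urlsplit(target)
    if parts.path != "/":  # the advisory lists (/) as the affected component
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        for where, text in (("name", name), ("value", value)):
            text = decode_fully(text)
            if TAG.search(text):
                hits.append((where, text))
    return hits

def scan(lines):
    """Return [(line_number, hits)] for log lines that need review."""
    found = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hits = suspicious_fields(match.group(1)) if match else []
        if hits:
            found.append((number, hits))
    return found

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(number, hits)
```

A hit only marks a request for review; it does not replace HTML-encoding reflected request data in the page that echoes it.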