Exploit Title: Real Time Automation 460MCBS Cross Site Scripting (XSS)  
Date: 2023-03-09  
Exploit Author: Yehia Elghaly  
Vendor Homepage:  
Software Link:  
Version: Revision 5.2.14  
Tested on: Real Time Automation   
CVE: N/A  
Summary: The Real Time Automation 460MCBS moves data between up to 32 Modbus TCP Servers and a BACnet/IP Building Automation System (BAS). Itโ€™s a perfect tool to tie Modbus TCP power meters, boilers, chillers and other devices into your BACnet/IP Building Automation System  
Description: The attacker can able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.: XSS found on when insert a payload after(/)  
Payload: ?c12yy<script>alert('XSSYF')</script>p1ax8=1  
[Affected Component]