Exploit for TranzAxis 3.2.41.10.26 Cross Site Scripting

Name: Exploit for TranzAxis 3.2.41.10.26 Cross Site Scripting
Rating: 5 (15 reviews)

2025-03-24 | CVSS 6.6

## https://sploitus.com/exploit?id=PACKETSTORM:189984
Exploit Title: TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS) (Authenticated)
    Date: 10th, March, 2025
    Exploit Author: ABABANK REDTEAM
    Vendor Homepage: https://compassplustechnologies.com/
    Version: 3.2.41.10.26
    Tested on: Window Server 2016
    
    1. Login to web application
    2. Click on `Entire System` goto `Monitoring` then click on `Terminals
    Monitoring`
    3. Select any name below `Terminals Monitoring` then click on `Open Object
    in Tree`
    4. Select on Filter then supply with any filter name then click `Apply
    Filter`
    5. On the right side select on `Save Settings in Explorer Tree`, on the
    `Enter Explorer Item Title` supply the payload <img src=x
    onerror=alert(document.domain)> then click OK.
    
    Payload: <img src=x onerror=alert(document.domain)>