Real Time Automation 460MCBS 5.2.14 Cross Site Scripting
Real Time Automation 460MCBS version 5.2.14 suffers from a cross site scripting vulnerability.
Exploit Title: Real Time Automation 460MCBS Cross Site Scripting (XSS)
Date: 2023-03-09
Exploit Author: Yehia Elghaly
Vendor Homepage: https://www.rtautomation.com/
Software Link: https://www.rtautomation.com/product/460mcbs/
Version: Revision 5.2.14
Tested on: Real Time Automation
CVE: N/A

Summary: The Real Time Automation 460MCBS moves data between up to 32 Modbus TCP Servers and a BACnet/IP Building Automation System (BAS). It's a perfect tool to tie Modbus TCP power meters, boilers, chillers and other devices into your BACnet/IP Building Automation System.

Description: An attacker can convince a victim to visit a URL referencing a vulnerable page, and malicious JavaScript content may then be executed within the context of the victim's browser. The XSS was found when inserting a payload after (/).

Payload: ?c12yy<script>alert('XSSYF')</script>p1ax8=1

Affected Component: /
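
Added example (not part of the original advisory or the vendor's code): the payload above sits in the query parameter name rather than in its value, so a check that only inspects values misses it. The Python code below scans access-log lines for markup in either position, including percent-encoded and double-encoded forms; the log format, addresses and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# An opening or closing tag; a device status page has no reason to receive one.
MARKUP = re.compile(r"<\s*/?\s*[a-zA-Z!]")
# Request line as it appears in a common/combined-format access log (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; line 2 carries the advisory's payload, percent-encoded.
SAMPLE_LOG = [
    '10.0.0.5 - - [09/Mar/2023:10:00:00 +0000] "GET /?page=status HTTP/1.1" 200 512',
    '10.0.0.7 - - [09/Mar/2023:10:00:05 +0000] "GET /?c12yy%3Cscript%3Ealert'
    '(%27XSSYF%27)%3C/script%3Ep1ax8=1 HTTP/1.1" 200 734',
    '10.0.0.9 - - [09/Mar/2023:10:00:09 +0000] "GET /?id=%253Cscript%253Ealert'
    '(1)%253C%252Fscript%253E HTTP/1.1" 200 734',
]

def decode_fully(text, rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text

def suspicious_parts(url):
    """Return (where, decoded_text) for every query name or value holding a tag."""
    hits = []
    for pair in urlsplit(url).query.split("&"):
        name, _, value = pair.partition("=")
        for where, raw in (("name", name), ("value", value)):
            text = decode_fully(raw)
            if MARKUP.search(text):
                hits.append((where, text))
    return hits

def scan_log(lines):
    """Return (line_number, where, decoded_text) for each flagged request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            for where, text in suspicious_parts(match.group(1)):
                findings.append((number, where, text))
    return findings

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```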