=============================================================================================================================================
xss in AppDynamic 4.2.3.1 build No. 57
affected Module    : policy Creation module
affected parameter : policy name
tested             : Live SaaS server AppDynamic
product            : Application performance monitoring tools , used to monitor the application performance by agent installed on remote server & give output according to the rules & policy create ( allow create custom policy ) in GUI tool.
payload            : <script>alert(document.cookie)</script>
Security Researcher: Govind Singh aka NullPort

=============================================================================================================================================

1. logged in & Click on Alert & Respond, select Polices & from policies for which application you want to create policies. Click on Create Policy Manually.

2. In Create Policy Give name to the Policy here mine is policy and click on next button.

3. Now click on Create Action a+a from Actions to execute.and press ok

4. Now in Name just simple put your xss payload in Create Diagnostic Session Action & click on ok button.

5. As now policy created with our xss payload now just press save button.

6. As you press on save button payload get execute & you can observe the xss popup with value.