Real Time Automation 460MCBS version 5.2.14 suffers from a cross site scripting vulnerability.
e1dc34de8b2c48ae9d510a786be692096f905dcd83110ee1571b13b3cdfb035b
Exploit Title: Real Time Automation 460MCBS Cross Site Scripting (XSS)
Date: 2023-03-09
Exploit Author: Yehia Elghaly
Vendor Homepage: https://www.rtautomation.com/
Software Link: https://www.rtautomation.com/product/460mcbs/
Version: Revision 5.2.14
Tested on: Real Time Automation
CVE: N/A
Summary: The Real Time Automation 460MCBS moves data between up to 32 Modbus TCP Servers and a BACnet/IP Building Automation System (BAS). It’s a perfect tool to tie Modbus TCP power meters, boilers, chillers and other devices into your BACnet/IP Building Automation System
Description: The attacker can able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.: XSS found on when insert a payload after(/)
Payload: ?c12yy<script>alert('XSSYF')</script>p1ax8=1
[Affected Component]
(/)