CVE-2020-6845

MEDIUM

TopManage OLK 2020 - DOM-Based Cross-Site Scripting via Session Cookie

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-6845. PoCs published by Joel Aviad Ossi.

AI-analyzed exploit summary: This exploit demonstrates a Cross-Site Request Forgery (CSRF) vulnerability in OLK Web Store 2020. It sends a crafted POST request to the login endpoint with manipulated parameters, potentially bypassing authentication or performing unauthorized actions.

Description

An issue was discovered in TopManage OLK 2020. As there is no ReadOnly on the Session cookie, the user and admin accounts can be taken over in a DOM-Based XSS attack.

Exploits (1)

exploitdb WORKING POC
by Joel Aviad Ossi · text · webapps · asp
https://www.exploit-db.com/exploits/47960


Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: OLK Web Store 2020
No auth needed
Prerequisites: Access to the target application's login page
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Third Party Advisory x_refsource_misc
https://websec.nl/news.php
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/47960

Scores

CVSS v3 6.1
EPSS 0.0087
EPSS Percentile 54.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE CWE-79
Status published
Products (1)
topmanage/olk_webstore 2020
Published Feb 18, 2020
Tracked Since Feb 18, 2026