CVE-2021-45026
MEDIUM
ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 - Cross-Site Scripting
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-45026. PoCs published by JetP1ane.
AI-analyzed exploit summary: This PoC exploits CVE-2021-45026 in Rocket Software's Zena application by leveraging a stored XSS vulnerability to achieve remote code execution (RCE). It logs in using default credentials, injects an XSS payload, and uses the stolen session to execute commands via Zena's REST API.
Description
ASG technologies ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cross Site Scripting (XSS).
Exploits (1)
This PoC exploits CVE-2021-45026 in Rocket Software's Zena application by leveraging a stored XSS vulnerability to achieve remote code execution (RCE). It logs in using default credentials, injects an XSS payload, and uses the stolen session to execute commands via Zena's REST API.
References (3)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N