CVE-2021-45422

MEDIUM EXPLOITED NUCLEI

Reprisesoftware Reprise License Manager < 16.0 - XSS

Title source: rule

Description

Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET. No authentication is required.

Nuclei Templates (1)

Reprise License Manager 14.2 - Cross-Site Scripting

MEDIUMVERIFIEDby edoardottt

Shodan: http.html:"Reprise License" || http.html:"reprise license" || http.html:"reprise license manager"

FOFA: body="reprise license manager" || body="reprise license"

References (4)

[Broken Link] http://reprise.com

[Exploit, Third Party Advisory] https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2021-45422/RLM%2014.2%20Cross%20Site%20Scripting.txt

View Exploit ZIP pw:eip

[Exploit, Mailing List, Third Party Advisory] https://seclists.org/fulldisclosure/2022/Jan/31

[Third Party Advisory] https://www.getinfosec.news/13202933/reprise-license-manager-142-reflected-cross-site-scripting#/

Scores

CVSS v3 6.1

EPSS 0.2152

EPSS Percentile 95.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

VulnCheck KEV 2025-06-05

CWE

CWE-79

Status published

Products (1)

reprisesoftware/reprise_license_manager 14.2 - 16.0

Published Jan 13, 2022

Tracked Since Feb 18, 2026