CVE-2021-45422
MEDIUM EXPLOITED NUCLEIReprise License Manager 14.2-<16.0 - Reflected XSS via /goform/activate_process
Title source: llmExploitation Summary
CVE-2021-45422 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET. No authentication is required.
Nuclei Templates (1)
Reprise License Manager 14.2 - Cross-Site Scripting
MEDIUMVERIFIEDby edoardottt
Shodan:
http.html:"Reprise License" || http.html:"reprise license" || http.html:"reprise license manager"
FOFA:
body="reprise license manager" || body="reprise license"
References (4)
Core 4
Core References
Broken Link
http://reprise.com
Exploit, Third Party Advisory
https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2021-45422/RLM%2014.2%20Cross%20Site%20Scripting.txt
Exploit, Mailing List, Third Party Advisory
https://seclists.org/fulldisclosure/2022/Jan/31
Scores
CVSS v3
6.1
EPSS
0.0331
EPSS Percentile
87.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
VulnCheck KEV
2025-06-05
CWE
CWE-79
Status
published
Products (1)
reprisesoftware/reprise_license_manager
14.2 - 16.0
Published
Jan 13, 2022
Tracked Since
Feb 18, 2026