Exploitation Summary
EIP tracks 1 public exploit for CVE-2022-29296. PoCs published by Andrea Intilangelo.
AI-analyzed exploit summary This is a working proof-of-concept for a reflected XSS vulnerability in Avantune Genialcloud ProJ 10. The exploit demonstrates arbitrary JavaScript execution via the 'msg' parameter in the login portal.
Description
A reflected cross-site scripting (XSS) vulnerability in the login portal of Avantune Genialcloud ProJ - 10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Exploits (1)
exploitdb
WORKING POC
by Andrea Intilangelo · textwebappsmultiple
https://www.exploit-db.com/exploits/50955
This is a working proof-of-concept for a reflected XSS vulnerability in Avantune Genialcloud ProJ 10. The exploit demonstrates arbitrary JavaScript execution via the 'msg' parameter in the login portal.
Classification
Working Poc 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
Avantune Genialcloud ProJ 10
No auth needed
Prerequisites:
Access to the login portal URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (2)
Core 2
Core References
Broken Link, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/167341/Avantune-Genialcloud-ProJ-10-Cross-Site-Scripting.html
Broken Link, Third Party Advisory x_refsource_misc
https://dl.packetstormsecurity.net/2206-exploits/avantunegenialcloudproj10-xss.txt
Scores
CVSS v3
6.1
EPSS
0.0235
EPSS Percentile
81.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
avantune/genialcloud_proj
10
Published
Jun 06, 2022
Tracked Since
Feb 18, 2026