CVE-2022-30519

MEDIUM

Reprise License Manager 14.2bl4-16.0 - Cross-Site Scripting via Signing Form Password Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-30519. PoCs published by Mohammed A.Siledar.

AI-analyzed exploit summary: This exploit demonstrates a reflected XSS vulnerability in Reprise Software RLM v14.2BL4 by injecting malicious JavaScript into the login_process endpoint via the password parameter. The PoC triggers a confirm dialog as proof of execution.

Description

XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary code via password field.

Exploits (1)

exploitdb WORKING POC
by Mohammed A.Siledar · text · webapps · windows
https://www.exploit-db.com/exploits/51188

Classification: Working PoC 95%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Reprise Software RLM v14.2BL4
No auth needed
Prerequisites: Access to the RLM web interface
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 6.1
EPSS 0.0253
EPSS Percentile 82.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE CWE-79
Status published
Products (1) reprisesoftware/reprise_license_manager 14.2bl4 - 16.0
Published Dec 29, 2022
Tracked Since Feb 18, 2026