CVE-2022-35543

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-35543. PoCs published by Rob_ CTRL Group.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in ELSI Smart Floor V3.3.3 and earlier. The payload is injected into the ward name field, triggering when any user visits the portal.

Description

ELSI Smart Floor V3.3.3 - Stored Cross-Site Scripting (XSS)

Exploits (1)

exploitdb WORKING POC

by Rob_ CTRL Group · textwebappsaspx

https://www.exploit-db.com/exploits/51200

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in ELSI Smart Floor V3.3.3 and earlier. The payload is injected into the ward name field, triggering when any user visits the portal.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: ELSI Smart Floor V3.3.3 and under

Auth required

Prerequisites: authenticated access to the application

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

ELSI Smart Floor V3.3.3 - Stored Cross-Site Scripting (XSS)

Exploitation Summary

Description

Exploits (1)

Details