CVE-2022-47870

MEDIUM

Redgate SQL Monitor 12.1.31.893 - Cross-Site Scripting via returnUrl Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-47870. PoCs published by geeklinuxman.

AI-analyzed exploit summary This is a writeup describing a Cross-Site Scripting (XSS) vulnerability in Redgate SQL Monitor 12.1.31.893. The vulnerability allows remote attackers to inject arbitrary web scripts or HTML via the returnUrl parameter in the login page.

Description

A Cross Site Scripting (XSS) vulnerability in the web SQL monitor login page in Redgate SQL Monitor 12.1.31.893 allows remote attackers to inject arbitrary web Script or HTML via the returnUrl parameter.

Exploits (1)

exploitdb WRITEUP

by geeklinuxman · textwebappsmultiple

https://www.exploit-db.com/exploits/51218

View Code ZIP pw:eip

This is a writeup describing a Cross-Site Scripting (XSS) vulnerability in Redgate SQL Monitor 12.1.31.893. The vulnerability allows remote attackers to inject arbitrary web scripts or HTML via the returnUrl parameter in the login page.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Redgate SQL Monitor 12.1.31.893

No auth needed

Prerequisites: Victim must click on a malicious link

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory, VDB Entry

https://packetstormsecurity.com/files/171647/SQL-Monitor-12.1.31.893-Cross-Site-Scripting.html

Scores

CVSS v3 6.1

EPSS 0.0223

EPSS Percentile 80.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

red-gate/sql_monitor 12.1.31.893

Published Apr 04, 2023

Tracked Since Feb 18, 2026