Published: 17/06/2022 Updated: 14/02/2024

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 384

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

ASG technologies ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cross Site Scripting (XSS).

Vulnerable Product	Search on Vulmon	Subscribe to Product
rocketsoftware ags-zena 4.2.1

Zena Housekeeping notes: The original CookieMonster Repo can be found here githubcom/JetP1ane/zena Rocket Software Patch Release notes docsrocketsoftwarecom/bundle/ven1649700711249/page/ayk1652945111726html CVE-2021-45026 Stored XSS CVE-2021-45025 Cleartext Storage of Sensitive Information in a Cookie Researchers: James Barnett and Jeffrey Green Zena CookieM

Zena - Stored XSS to RCE Exploit POC Exploit POC for Rocket Software's Zena application v 421 - Stored XSS to RCE CVE-2021-45025 CVE-2021-45026 phoenix-secio/2022/06/17/Zena-CookieMonsteRCEhtml Credits: James Barnett and Jeff Green POC Process: Logs into Zena's webconfig page using default credentials Drops Stored XSS payload Payload needs to be triggere

CWE-79 http://asg.com https://docs.rocketsoftware.com/bundle/ven1649700711249/page/ayk1652945111726.html http://asg-zena.com https://nvd.nist.gov https://github.com/cptsticky/xxe-zena

CVE-2021-45026

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect