Real Time Automation 460MCBS 5.2.14 Cross Site Scripting

Credit: Yehia Elghaly
Risk: Low
Local: No
Remote: Yes

Exploit Title: Real Time Automation 460MCBS Cross Site Scripting (XSS) Date: 2023-03-09 Exploit Author: Yehia Elghaly Vendor Homepage: Software Link: Version: Revision 5.2.14 Tested on: Real Time Automation CVE: N/A Summary: The Real Time Automation 460MCBS moves data between up to 32 Modbus TCP Servers and a BACnet/IP Building Automation System (BAS). It’s a perfect tool to tie Modbus TCP power meters, boilers, chillers and other devices into your BACnet/IP Building Automation System Description: The attacker can able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.: XSS found on when insert a payload after(/) Payload: ?c12yy<script>alert('XSSYF')</script>p1ax8=1 [Affected Component] (/)

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2023,


Back to Top