Exploit Title: TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS) (Authenticated) Date: 10th, March, 2025 Exploit Author: ABABANK REDTEAM Vendor Homepage: https://compassplustechnologies.com/ Version: 3.2.41.10.26 Tested on: Window Server 2016 1. Login to web application 2. Click on `Entire System` goto `Monitoring` then click on `Terminals Monitoring` 3. Select any name below `Terminals Monitoring` then click on `Open Object in Tree` 4. Select on Filter then supply with any filter name then click `Apply Filter` 5. On the right side select on `Save Settings in Explorer Tree`, on the `Enter Explorer Item Title` supply the payload <img src=x onerror=alert(document.domain)> then click OK. Payload: <img src=x onerror=alert(document.domain)>
Credits and Partners
All rights reserved nPulse.net 2009 - 2025
Powered by: MVCP2 / BVCP / ASPF-MILTER / PHP 8.3 / NGINX / FreeBSD
