Exploit for Nortek Linear eMerge E3-Series - Cross-Site Scripting (CVE-2022-31798)

Description:

There is a local session fixation vulnerability that, when chained with cross-site scripting, leads to account takeover of an admin or a lower-privileged user.

Nuclei Template

View the template here: CVE-2022-31798.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-31798.yaml

References:

https://eg.linkedin.com/in/omar-1-hashem
http://packetstormsecurity.com/files/167992/Nortek-Linear-eMerge-E3-Series-Account-Takeover.html
https://gist.github.com/omarhashem123/bccdcec70ab7e8f00519d56ea2e3fd79
https://nvd.nist.gov/vuln/detail/CVE-2022-31798
https://packetstormsecurity.com/files/167992/