COMMAX Biometric Access Control System Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in COMMAX Biometric Access Control System version 1.0.0. This vulnerability allows attackers to inject malicious HTML and JavaScript into cookie parameters 'CMX_ADMIN_NM' and 'CMX_COMPLEX_NM'. The injected scripts are executed in the context of the user's browser session on the affected site.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can execute scripts in the context of the victim's browser session, potentially stealing cookies and authentication credentials.

Reproduction

To reproduce this vulnerability, send a request to 'db_dump.php' with the 'CMX_ADMIN_NM' and 'CMX_COMPLEX_NM' cookie parameters. Include a script tag in the cookie values. Once the request is processed, the injected script will execute, demonstrating the cross-site scripting vulnerability.