PT-2022-12349 · Reprise · Reprise License Manager

Giulia Melotti Garibaldi · Published 2022-01-13 · Updated 2025-04-30 · CVE-2021-45422

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Reprise License Manager version 14.2

Description

The issue is a reflected cross-site scripting vulnerability in the "/goform/activate process" API endpoint, specifically in the count parameter, which can be exploited via GET requests. No authentication is required to exploit this issue.

Recommendations

For Reprise License Manager version 14.2, as a temporary workaround, consider restricting access to the "/goform/activate process" API endpoint or avoiding the use of the count parameter in this endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-45422

Affected Products

Reprise License Manager