Vulnerability Title : SAILOR Ku Software XSS - Diagnostics Report
Vulnerability Summary : XSS occurring when the Diagnostics Report settings are saved
Manufacturer : Cobham
Software Name : SAILOR VSAT Ku - Software 164B019
Version : 164B019
Attack Type : XSS
Impact : Script Execution
Vulnerable Filename : acu_web
Vulnerable Function : sub_219C4
Vulnerable Parameter : rdiag, sender, recipients
Vulnerability Environment : Environment where the Diagnostics Report can be set
Method of Discovery
When setting up the Diagnostics Report, submitting </script><script>alert(0)</script> in the “sender” field triggers an alert(0), as observed below. The same vulnerability arises when the same input is given in the “recipients” field.
Cause of Vulnerability
When the Diagnostics Report is set, the submitted values are placed inside an inline script as variables and printed, without encoding, into the E-mail sender and E-mail recipients boxes. Because the values are not escaped, a </script> sequence in either field terminates the script block early and the remainder of the input is parsed as new markup.
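As an added illustration (not Cobham's code; the template below is a hypothetical stand-in for what acu_web emits), the following shows why the input quoted above escapes the script block, how JavaScript-string encoding of the variables keeps it inside, and a simple check a tester can run over rendered pages to spot the breakout:

```python
"""Added example: unencoded values in an inline <script> block versus
JavaScript-string-encoded values. The template is constructed here and is
not the real acu_web output."""
import json
import re

# Payload quoted in the advisory above
PAYLOAD = '</script><script>alert(0)</script>'


def render_vulnerable(sender: str, recipients: str) -> str:
    """Mimics the pattern the advisory describes: request parameters are
    dropped into inline script variables with no encoding at all."""
    return (
        "<script>\n"
        f'var sender = "{sender}";\n'
        f'var recipients = "{recipients}";\n'
        "</script>"
    )


def js_string(value: str) -> str:
    """Encode value as a JavaScript string literal that cannot terminate the
    enclosing <script>. json.dumps escapes quotes, backslashes and non-ASCII
    (including U+2028/U+2029); '<', '>' and '&' are then turned into \\uXXXX
    escapes so the HTML parser never sees a '</script' inside the literal."""
    encoded = json.dumps(value)  # ensure_ascii=True by default
    for ch, esc in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026")):
        encoded = encoded.replace(ch, esc)
    return encoded


def render_hardened(sender: str, recipients: str) -> str:
    """Same template, but each value goes through js_string()."""
    return (
        "<script>\n"
        f"var sender = {js_string(sender)};\n"
        f"var recipients = {js_string(recipients)};\n"
        "</script>"
    )


def script_breakout(html: str) -> bool:
    """True when more than the single intended '</script' appears: the HTML
    parser closes a script element at the first '</script' it meets,
    regardless of whether JavaScript would consider it inside a string."""
    return len(re.findall(r"</script", html, re.IGNORECASE)) > 1
```

The encoded value still decodes to the original string in the browser, so legitimate sender and recipient addresses are unaffected.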