Vulnerability Title : SAILOR Ku Software XSS - Remote syslog
Vulnerability Summary : XSS occurring when the Remote syslog host is set (the host value is reflected into the page's inline script without validation)
Manufacturer : Cobham
Software Name : SAILOR VSAT Ku - Software 164B019
Version : 164B019
Attack Type : XSS
Impact : Script Execution
Vulnerable Filename : acu_web
Vulnerable Function : c_set_rslog_decode
Vulnerable Parameter : host
Vulnerability Environment : Environment that can set up a Remote syslog
Method of Discovery
When setting up the Remote syslog, submitting </script><script>alert(0)</script>
as the "host" value triggers alert(0) when the settings page is rendered,
as observed below
Cause of Vulnerability
When the Remote syslog is set up, the submitted host value is stored in a variable inside an inline script on the page and written from there into the Remote syslog IP address box. Because the value is emitted into the script block without validation or output encoding, a </script> sequence inside it terminates the script block early: the HTML parser ends a script element at the first </script it sees, regardless of JavaScript string quoting, so the rest of the value is parsed as new markup, including the attacker-supplied <script> element.
c_set_rslog_decode
During setup, the following function saves the submitted values to config_writev without any validation.