Vulnerability Title : SAILOR Ku Software XSS - Statistics report
Vulnerability Summary : XSS occurring during the setting of the Statistics Report
Manufacturer : Cobham
Software Name : SAILOR VSAT Ku - Software 164B019
Version : 164B019
Attack Type : XSS
Impact : Script Execution
Vulnerable Filename : acu_web
Vulnerable Function : sub_21D24
Vulnerable Parameter : rstat, sender, recipients
Vulnerability Environment : Environment where the Statistics Report can be set
Method of Discovery
When setting up the Statistics Report, entering </script><script>alert(1)</script>
in the “sender” field triggers alert(1),
as observed below (the same vulnerability arises when the same input is given to the “recipients” field).
Cause of Vulnerability
When the Statistics Report is set, the submitted values are placed inside an inline script as variables and printed back into the E-mail sender and E-mail recipients boxes without being escaped, so a value containing </script> closes the script block and the rest of the input is parsed as HTML.