SECUDOS DOMOS before 5.6 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Vulnerability

Summary

While analyzing the implementation of the DOMOS web interface, a reflected cross-site scripting (XSS) vulnerability was identified that can be exploited to read password hashes from the file system. The vulnerability can be exploited by authenticated attackers with access to the web interface.

Credit:

The information has been provided by Pascal Keul.

The original article can be found at: https://atomic111.github.io/article/secudos-domos-reflected-xss


Details

The Log module in SECUDOS DOMOS before 5.6 allows XSS.

Vulnerable Systems:

SECUDOS DOMOS before 5.6

CVE Information:

CVE-2019-18664

Disclosure Timeline:
Published Date: 11/02/2019