SOCA Access Control System Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the SOCA Access Control System, specifically in versions 180612, 170000, and 141007. The issue arises in the 'senddata' POST parameter of the 'logged_page.php' script, where user input is not properly sanitized. This flaw allows attackers to inject malicious scripts that are executed in the context of the user's browser session.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can execute arbitrary scripts in the context of the victim's browser session.

Reproduction

To reproduce this vulnerability, send a POST request to 'logged-page.php' with the 'senddata' parameter containing a script tag, such as '<script>alert(1)</script>'. The server response will include the injected script, executed as part of the page.