AllStarLink Supermon Cross-Site Scripting Vulnerability in AllMon2 Component
Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in AllStarLink Supermon versions through 6.2, specifically within the AllMon2 component. This issue arises from the application's failure to properly sanitize user input, allowing arbitrary scripts to be executed in the context of the user's browser. The vulnerability can be exploited remotely, without authentication, although it does require user interaction. A public proof-of-concept exploit is available.
Impact
Successful exploitation lets an attacker inject malicious scripts that are executed in the context of the user's browser.
Reproduction
To reproduce this vulnerability, access the AllStarLink Supermon application version 6.2 or earlier. Navigate to the AllMon2 component and inject a script payload into a URL parameter. The injected script will be executed in the browser, demonstrating the cross-site scripting vulnerability.
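To check whether requests of the kind described above have already reached a server, the following added example (not part of the original advisory or of the Supermon project) scans web server access logs for markup in query-string values sent to the AllMon2 component. The `/allmon2/` prefix, the Combined Log Format, and the `page.php` and `example` names in the sample lines are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: URL prefix under which the AllMon2 component is served.
COMPONENT_PREFIX = "/allmon2/"

# Markup that has no business in a decoded query-string value.
SUSPICIOUS = re.compile(r"<\s*/?\s*[a-z!]|javascript\s*:|\bon[a-z]+\s*=", re.I)

# Client address and request target from a Combined Log Format line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is also seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_requests(log_lines, prefix=COMPONENT_PREFIX):
    """Return (client, parameter, decoded value) for each suspicious value."""
    hits = []
    for line in log_lines:
        match = REQUEST.match(line)
        if not match:
            continue
        client, target = match.groups()
        parts = urlsplit(target)
        if not parts.path.lower().startswith(prefix):
            continue
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            decoded = fully_decode(value)
            if SUSPICIOUS.search(decoded):
                hits.append((client, name, decoded))
    return hits

# Constructed sample lines; page.php and "example" are hypothetical names.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /allmon2/page.php?example=1234 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /allmon2/page.php?example=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 530',
    '198.51.100.7 - - [01/Jan/2025:10:00:09 +0000] "GET /allmon2/page.php?example=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 530',
    '203.0.113.5 - - [01/Jan/2025:10:01:00 +0000] "GET /other/page.php?q=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE):
        print(hit)
```

A hit only shows that a request carrying markup was received, so each one still needs review against the referrer and the affected user's session.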
