FAST LTA Silent Brick WebUI Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in FAST LTA Silent Brick WebUI version 2.63. This vulnerability allows attackers to inject malicious JavaScript into web pages viewed by users. The issue arises from improper handling of user-supplied input, which is reflected directly in the output without adequate sanitization or encoding. Exploiting this vulnerability could enable an attacker to execute arbitrary JavaScript in the context of the victim's browser, potentially leading to session hijacking, data theft, and other malicious actions. The vulnerable WebUI parameters include 'h', 'hd', 'p', 'pi', 's', 't', 'x', and 'y'.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can execute malicious JavaScript in the context of the victim's browser.

Remediation

Users are advised to update to FAST LTA Silent Brick WebUI version 2.63, which includes important security updates. The update can be downloaded from the FAST LTA software update site.