| Field | Value |
|---|---|
| Title | AllStar Link SuperMoon 6.2+ Cross Site Scripting |
| Description | A reflected XSS vulnerability was identified in the Allmon2 application, where any arbitrary parameter added to the URL is reflected without validation. For example, by injecting a crafted payload into a fake parameter, the code is executed directly in the browser, confirming the issue. This occurs due to the lack of proper input sanitization, which allows malicious scripts to run in the context of the application. http://c-x-x-x-x.hsd1.il.comcast.net/supermon/?c4ng4c3ir0=%27%3E%22%3Csvg%2Fonload=confirm(%27c4ng4c3ir0%27)%3E References: Vendor – AllStarLink (https://allstarlink.org/); Source Code – Allmon2 on GitHub (https://github.com/tsawyer/allmon2). |
| Source | ⚠️ http://c-x-x-x-x.hsd1.il.comcast.net/supermon/?c4ng4c3ir0=%27%3E%22%3Csvg%2Fonload=confirm(%27c4ng4c3ir0%27)%3E |
| User | c4ng4c3ir0 (UID 38456) |
| Submission | 19/09/2025 16:37 (7 months ago) |
| Moderation | 04/10/2025 08:18 (15 days later) |
| Status | Accepted |
| VulDB entry | 327012 [AllStarLink Supermon up to 6.2 AllMon2 Cross Site Scripting] |
| Points | 20 |
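
The description attributes the issue to request parameters being written back into the page without output encoding. The following is an added example, not Allmon2 or Supermon source code, showing that pattern beside a hardened form in PHP. The hidden-field sink, the function names and the `nodes` allow-list entry are assumptions; the query string is the one from the report's URL.

```php
<?php
// Added example with a hypothetical sink; this is not the project's code.

// Vulnerable pattern: every request parameter is echoed back into an
// attribute with no encoding, whatever its name.
function hidden_fields_unsafe(array $params): string
{
    $html = '';
    foreach ($params as $name => $value) {
        $html .= "<input type='hidden' name='$name' value='$value'>\n";
    }
    return $html;
}

// Hardened pattern: only parameters the page expects are echoed, and both
// name and value are encoded for the HTML attribute context.
function hidden_fields_safe(array $params, array $allowed): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $html = '';
    foreach ($allowed as $name) {
        // Unknown, missing or array-valued parameters are never reflected.
        if (!isset($params[$name]) || !is_string($params[$name])) {
            continue;
        }
        $n = htmlspecialchars($name, $flags, 'UTF-8');
        $v = htmlspecialchars($params[$name], $flags, 'UTF-8');
        $html .= "<input type='hidden' name='$n' value='$v'>\n";
    }
    return $html;
}

// Query string from the report's URL; parse_str() decodes it the same way
// PHP populates $_GET.
$query = "c4ng4c3ir0=%27%3E%22%3Csvg%2Fonload=confirm(%27c4ng4c3ir0%27)%3E";
parse_str($query, $params);

// 'nodes' stands in for whatever parameters the page really uses (assumption).
$allowed = ['nodes'];

echo "--- unsafe ---\n", hidden_fields_unsafe($params);
echo "--- safe, reported request ---\n", hidden_fields_safe($params, $allowed);

// Constructed input: an expected parameter carrying markup characters.
$params['nodes'] = "2000'><b>";
echo "--- safe, expected parameter ---\n", hidden_fields_safe($params, $allowed);
```

Encoding at the point of output covers the expected parameters; the allow-list is what stops an arbitrary, made-up parameter name from reaching the page at all.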