Quorum onQ OS 6.0.0.5.2064 Cross Site Scripting

2025.02.01

Credit: _striv3r_

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

[+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC
[+] twitter.com/_striv3r_

[Vendor]
https://quorum.com/about/

[Product]
Quorum onQ OS - 6.0.0.5.2064

Vulnerability Type]
Reflected Cross Site Scripting (XSS)

[Affected Component]
Login page get parameter 'msg' is vulnerable to Reflected Cross site
scripting

[CVE Reference]
CVE-2024-44449

[Security Issue]
Cross Site Scripting vulnerability in Quorum onQ OS v.6.0.0.5.2064 allows a
remote attacker to obtain sensitive information via the msg parameter in
the Login page.

[Attack Vectors]
After obtaining the API key, an attacker can use tools such as curl,
Postman, or custom scripts to craft unauthorized requests to the target API.

[Network Access]
Remote

[Severity]
Medium

[Disclosure Timeline]
Vendor Notification: July 20, 2024
Vendor released fixed: September 13, 2024

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Quorum onQ OS 6.0.0.5.2064 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Quorum onQ OS 6.0.0.5.2064 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.