CVE-2024-44449
📋 TL;DR
A cross-site scripting (XSS) vulnerability in Quorum onQ OS allows remote attackers to inject malicious scripts via the msg parameter on the login page. This could enable attackers to steal sensitive information such as session cookies or credentials from users who load the login page through a crafted URL. Organizations using Quorum onQ OS version 6.0.0.5.2064 are affected.
💻 Affected Systems
- Quorum onQ OS
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, hijack user sessions, deface the login page, or redirect users to malicious sites, potentially leading to full system compromise.
Likely Case
Attackers would steal session cookies or credentials from users accessing the login page, enabling unauthorized access to the Quorum system.
If Mitigated
With proper input validation and output encoding, the attack would fail to execute malicious scripts, preventing data theft.
🎯 Exploit Status
The vulnerability requires no authentication and exploitation is straightforward via crafted URLs containing malicious scripts in the msg parameter.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://quorum.com/about/
Restart Required: No
Instructions:
Check Quorum's official security advisories for patch availability. If a patch exists, follow vendor instructions to update to a fixed version.
🔧 Temporary Workarounds
Input Validation and Sanitization
Implement server-side validation to sanitize or reject malicious input in the msg parameter before processing.
Web Application Firewall (WAF) Rules
Deploy WAF rules to block requests containing suspicious script patterns in the msg parameter.
🧯 If You Can't Patch
- Implement Content Security Policy (CSP) headers to restrict script execution sources
- Monitor and filter network traffic for suspicious patterns in login page requests
🔍 How to Verify
Check if Vulnerable:
Test by accessing the login page with a payload like: /login?msg=<script>alert('XSS')</script> and check whether the script executes.
Check Version:
Check the Quorum onQ OS version through the system administration interface or configuration files.
Verify Fix Applied:
Retest with the same payload after applying fixes; script should not execute and input should be properly sanitized.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to login page containing script tags or JavaScript in msg parameter
- Unusual login attempts with encoded payloads
Network Indicators:
- HTTP GET/POST requests with suspicious parameters containing script elements
SIEM Query:
source="web_logs" AND uri_path="/login" AND (msg CONTAINS "<script>" OR msg CONTAINS "javascript:")
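
The SIEM query above matches the literal strings `<script>` and `javascript:`, so a `msg` value that arrives URL-encoded or double-encoded in raw access logs would not match. The Python below is an added example, not code from Quorum or from this page's source; it decodes `msg` on `/login` requests before matching. The log format, sample lines and function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (common log format); not from a real system.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2025:10:00:00 +0000] "GET /login?msg=Session+expired HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2025:10:00:05 +0000] "GET /login?msg=%3Cscript%3Ealert(%27XSS%27)%3C/script%3E HTTP/1.1" 200 540',
    '198.51.100.9 - - [01/Jan/2025:10:00:09 +0000] "GET /login?msg=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 540',
    '198.51.100.4 - - [01/Jan/2025:10:01:00 +0000] "GET /index?msg=%3Cscript%3E HTTP/1.1" 404 120',
    '198.51.100.9 - - [01/Jan/2025:10:02:00 +0000] "GET /login?msg=javascript%3Avoid(0) HTTP/1.1" 200 530',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Same two indicators as the SIEM query, made case-insensitive and whitespace-tolerant.
SUSPICIOUS_RE = re.compile(r'<\s*script|javascript\s*:', re.IGNORECASE)

def normalize(value, max_rounds=3):
    """Undo repeated percent-encoding so the pattern sees the text the page would reflect."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_msg(line):
    """Return the decoded msg value if a /login request carries script indicators, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if url.path != "/login":
        return None
    # parse_qs performs the first round of percent-decoding; normalize() handles the rest.
    for raw in parse_qs(url.query, keep_blank_values=True).get("msg", []):
        text = normalize(raw)
        if SUSPICIOUS_RE.search(text):
            return text
    return None

def scan(lines):
    """Return (line_index, decoded_msg) for every flagged log line."""
    hits = []
    for index, line in enumerate(lines):
        hit = suspicious_msg(line)
        if hit is not None:
            hits.append((index, hit))
    return hits

if __name__ == "__main__":
    for index, decoded in scan(SAMPLE_LOG):
        print(f"line {index}: msg decodes to {decoded!r}")
```
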