Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability can have serious impacts including unauthorized access to sensitive data, modification of data, and session hijacking.'}, {'type': 'paragraph', 'content': "Since the malicious script runs in the context of an administrator's browser session, an attacker can steal confidential information or manipulate the application."}, {'type': 'paragraph', 'content': 'The CVSS v3.1 score rates the confidentiality and integrity impacts as high, meaning data theft and unauthorized changes are possible.'}, {'type': 'paragraph', 'content': 'Availability impact is low, so the service is unlikely to be disrupted significantly.'}] [1]

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-30918 is a high-severity Reflected Cross-Site Scripting (XSS) vulnerability in the FacileManager application, specifically in the fmDNS module before version 6.0.4.'}, {'type': 'paragraph', 'content': 'The vulnerability occurs because the parameter `log_search_query` improperly handles user input, allowing an attacker to inject malicious JavaScript code into a URL.'}, {'type': 'paragraph', 'content': "When an authenticated administrator clicks on a specially crafted URL containing this malicious script, the script executes in the administrator's browser context."}, {'type': 'paragraph', 'content': 'This happens due to improper neutralization of user-controllable input before it is included in HTTP responses, classified under CWE-79.'}] [1]

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by testing the fmDNS module's log_search_query parameter for reflected Cross-Site Scripting (XSS) by sending crafted URLs containing script payloads and observing if the script executes in the administrator's browser."}, {'type': 'paragraph', 'content': 'An example of such a crafted URL is: https://facilemanager/admin-logs.php?log_search_date_b=11%2F27%2F2025&log_search_date_e=&log_search_module[]=All+Modules&log_search_user[]=0&log_search_query=""><script>alert(document.domain)</script>'}, {'type': 'paragraph', 'content': 'To detect this on your system, you can use tools like curl or wget to send requests with malicious payloads and check the HTTP response for reflected script tags.'}, {'type': 'list_item', 'content': 'curl -i "https://your-facilemanager-instance/admin-logs.php?log_search_query=\\"><script>alert(1)</script>"'}, {'type': 'list_item', 'content': 'Observe the response for unencoded script tags indicating vulnerability.'}, {'type': 'paragraph', 'content': 'Additionally, automated web vulnerability scanners that test for reflected XSS vulnerabilities on parameters can be used to detect this issue.'}] [1]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include upgrading the FacileManager application to version 6.0.4 or later where this vulnerability is fixed.

If upgrading immediately is not possible, apply strict input filtering on the log_search_query parameter to allow only expected values and reject any input containing script tags or suspicious characters.

Implement proper output encoding depending on the context (HTML, URL, JavaScript, CSS) to prevent execution of injected scripts.

Configure HTTP response headers such as Content-Type and X-Content-Type-Options to enforce correct content interpretation by browsers.

Deploy a Content Security Policy (CSP) as a defense-in-depth measure to limit the impact of any residual XSS vulnerabilities.

Useful 0 Not Useful 0