| Title | SIAM Industria de Automação e Monitoramento Ltda. SIAM 2.0 Reflected Cross-Site Scripting |
|---|
| Description | A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the SIAM Invitation application. The url parameter of the qrcode.jsp page does not properly sanitize user input, allowing the injection and execution of malicious scripts in the browser.
The flaw occurs when an attacker is able to insert JavaScript code into the url parameter, which is reflected directly in the application's HTML response without proper filtering or encoding. This allows arbitrary scripts to be executed in the context of the victim's session.
PoC:
http://x.x.x.x:8888/siam-convite/qrcode.jsp?url=1%22%3E%3Cimg%20src=x%20onerror=alert(document.location)%3E |
|---|
| Source | ⚠️ https://siam.com.br/software/ |
|---|
| User | Stux (UID 40142) |
|---|
| Submission | 02/06/2025 06:44 PM (3 months ago) |
|---|
| Moderation | 02/15/2025 04:36 PM (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 295967 [SIAM Industria de Automação e Monitoramento 2.0 /qrcode.jsp url cross site scripting] |
|---|
| Points | 20 |
|---|