| عنوان | SIAM Industria de Automação e Monitoramento Ltda. SIAM 2.0 Reflected Cross-Site Scripting |
|---|
| الوصف | A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the SIAM Invitation application. The url parameter of the qrcode.jsp page does not properly sanitize user input, allowing the injection and execution of malicious scripts in the browser.
The flaw occurs when an attacker is able to insert JavaScript code into the url parameter, which is reflected directly in the application's HTML response without proper filtering or encoding. This allows arbitrary scripts to be executed in the context of the victim's session.
PoC:
http://x.x.x.x:8888/siam-convite/qrcode.jsp?url=1%22%3E%3Cimg%20src=x%20onerror=alert(document.location)%3E |
|---|
| المصدر | ⚠️ https://siam.com.br/software/ |
|---|
| المستخدم | Stux (UID 40142) |
|---|
| ارسال | 06/02/2025 06:44 PM (1 سنة منذ) |
|---|
| الاعتدال | 15/02/2025 04:36 PM (9 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 295967 [SIAM Industria de Automação e Monitoramento 2.0 /qrcode.jsp url البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|