| Field | Value |
|---|---|
| Title | SIAM Industria de Automação e Monitoramento Ltda. SIAM 2.0 Reflected Cross-Site Scripting |
| Description | A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the SIAM Invitation application. The `url` parameter of the `qrcode.jsp` page does not properly sanitize user input, allowing the injection and execution of malicious scripts in the browser.<br>The flaw occurs when an attacker is able to insert JavaScript code into the `url` parameter, which is reflected directly in the application's HTML response without proper filtering or encoding. This allows arbitrary scripts to be executed in the context of the victim's session.<br>PoC:<br>`http://x.x.x.x:8888/siam-convite/qrcode.jsp?url=1%22%3E%3Cimg%20src=x%20onerror=alert(document.location)%3E` |
| Source | ⚠️ https://siam.com.br/software/ |
| User | Stux (UID 40142) |
| Submission | 06/02/2025 06:44 PM (1 year ago) |
| Moderation | 15/02/2025 04:36 PM (9 days later) |
| Status | Accepted |
| VulDB entry | 295967 [SIAM Industria de Automação e Monitoramento 2.0 /qrcode.jsp url Cross Site Scripting] |
| Points | 20 |
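The description above turns on a single missing step: a request parameter is copied into an HTML attribute without output encoding, so a value ending the attribute and opening a new tag is interpreted as markup. The following is an added example, not SIAM's code and not taken from the submission; it assumes a hypothetical JSP page that embeds the `url` parameter inside an `<img>` attribute, and shows the encoding a page must apply before reflecting that parameter. The class name, the `qr?data=` path and the `renderQrImage` helper are assumptions for illustration.

```java
// Added example (not the vendor's code). Demonstrates the difference between reflecting
// a request parameter raw into an attribute and reflecting it HTML-attribute-encoded.
public final class AttributeEncoder {
    private AttributeEncoder() {}

    /**
     * Encode untrusted text for placement inside a double-quoted HTML attribute.
     * The five characters below are the ones that can end the attribute value,
     * close the tag, or start an entity; everything else is passed through.
     */
    public static String encodeForHtmlAttribute(String input) {
        if (input == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Vulnerable shape (assumed): the parameter is concatenated straight into the attribute. */
    public static String renderQrImageUnsafe(String untrustedUrl) {
        return "<img src=\"qr?data=" + untrustedUrl + "\" alt=\"QR code\">";
    }

    /** Hardened shape: the same template, but the value is encoded first. */
    public static String renderQrImage(String untrustedUrl) {
        return "<img src=\"qr?data=" + encodeForHtmlAttribute(untrustedUrl) + "\" alt=\"QR code\">";
    }

    public static void main(String[] args) {
        // Constructed input with the same shape as the advisory's PoC: it closes the
        // attribute and the tag, then opens a new element with an event handler.
        String hostile = "1\"><img src=x onerror=alert(1)>";
        System.out.println("unsafe:    " + renderQrImageUnsafe(hostile));
        System.out.println("hardened:  " + renderQrImage(hostile));
    }
}
```

In the hardened output the quote and angle brackets become `&quot;`, `&lt;` and `&gt;`, so the browser treats the whole value as the attribute's text and no second element is created. In a real JSP the equivalent is to never use `<%= request.getParameter("url") %>` directly in markup; JSTL's `<c:out>` (which escapes XML characters by default) or the OWASP Java Encoder's `Encode.forHtmlAttribute` are vetted alternatives to a hand-written encoder like the one above.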