| Title | SIAM Industria de Automação e Monitoramento Ltda. SIAM 2.0 Reflected Cross-Site Scripting |
|---|
| Description | A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the SIAM Invitation application. The url parameter of the qrcode.jsp page does not properly sanitize user input, allowing the injection and execution of malicious scripts in the browser.
The flaw occurs when an attacker is able to insert JavaScript code into the url parameter, which is reflected directly in the application's HTML response without proper filtering or encoding. This allows arbitrary scripts to be executed in the context of the victim's session.
PoC:
http://x.x.x.x:8888/siam-convite/qrcode.jsp?url=1%22%3E%3Cimg%20src=x%20onerror=alert(document.location)%3E |
|---|
| Source | ⚠️ https://siam.com.br/software/ |
|---|
| User | Stux (UID 40142) |
|---|
| Submission | 06/02/2025 18h44 (há 5 meses) |
|---|
| Moderation | 15/02/2025 16h36 (9 days later) |
|---|
| Status | Aceite |
|---|
| VulDB Entry | 295967 [SIAM Industria de Automação e Monitoramento 2.0 /qrcode.jsp url Roteiro Cruzado de Sítios] |
|---|
| Points | 20 |
|---|