PT-2024-25204 · Lumisxp · Lumisxp
Rodolfo Tavares
·
Published
2024-06-26
·
Updated
2024-07-11
·
CVE-2024-33328
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Lumisxp versions 15.0.x through 16.1.x
Description
A cross-site scripting (XSS) issue in the main.jsp component allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the
pageId parameter.Recommendations
For Lumisxp versions 15.0.x through 16.1.x, consider restricting access to the main.jsp component until a patch is available, and avoid using the
pageId parameter in the affected page until the issue is resolved.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Lumisxp