CVE-2024-33326
published 2024-06-26CVE-2024-33326: A cross-site scripting (XSS) vulnerability in the component XsltResultControllerHtml.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary…
PriorityP278medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
0.81%
52.3th percentile
A cross-site scripting (XSS) vulnerability in the component XsltResultControllerHtml.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the lumPageID parameter.
Detection & IOCsextracted from sources · hover to see the quote
url/portal/XsltResultControllerHtml.jsp?xslContent=&interfaceInstanceId=&lumPageId=confirm(document.domain)&xslContentFilePath=↗
url/XsltResultControllerHtml.jsp?xslContent=&interfaceInstanceId=&lumPageId=confirm(document.domain)&xslContentFilePath=↗
- →Detect GET requests to XsltResultControllerHtml.jsp with a crafted lumPageId parameter containing JavaScript payload (e.g., confirm(document.domain)); response body will reflect the injected payload verbatim. ↗
- →Exploitation targets the lumPageID (also seen as lumPageId) parameter in XsltResultControllerHtml.jsp; monitor HTTP GET requests to this endpoint with unsanitized script content in that parameter. ↗
- →Vulnerable responses set a cookie prefixed with 'lum' and return Content-Type text/html with HTTP 200; use this combination to confirm exploitation. ↗
- ·The vulnerability affects LumisXP versions 15.0.x through 16.1.x only; detections should be scoped to this version range to reduce false positives. ↗
- ·The endpoint may be accessible at two different paths (/portal/XsltResultControllerHtml.jsp and /XsltResultControllerHtml.jsp); detection rules should cover both paths. ↗
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vulncheck6.1MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qr63-7f35-4m2w: A cross-site scripting (XSS) vulnerability in the component XsltResultControllerHtml
ghsa_unreviewed·2024-06-26
CVE-2024-33326 [MEDIUM] CWE-79 GHSA-qr63-7f35-4m2w: A cross-site scripting (XSS) vulnerability in the component XsltResultControllerHtml
A cross-site scripting (XSS) vulnerability in the component XsltResultControllerHtml.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the lumPageID parameter.
VulnCheck
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck·2024·CVSS 6.1
CVE-2024-33326 [MEDIUM] Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A cross-site scripting (XSS) vulnerability in the component XsltResultControllerHtml.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the lumPageID parameter.
Affected: Lumis Lumisxp
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://app.crowdsec.net/cti/cve-explorer/CVE-2024-33326
No detection rules found.
Nuclei
LumisXP - Cross-site Scripting
nuclei·CVSS 6.1
CVE-2024-33326 [MEDIUM] LumisXP - Cross-site Scripting
LumisXP - Cross-site Scripting
A cross-site scripting (XSS) vulnerability in the XsltResultControllerHtml.jsp component of LumisXP v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via the lumPageID parameter.
Template:
id: CVE-2024-33326
info:
name: LumisXP - Cross-site Scripting
author: 0xr2r
severity: medium
description: |
A cross-site scripting (XSS) vulnerability in the XsltResultControllerHtml.jsp component of LumisXP v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via the lumPageID parameter.
impact: |
Successful exploitation allows attackers to execute arbitrary JavaScript in the victim's browser, potentially leading to session hijacking, credential theft, or defacement.
remediation: |
Apply security patches or upgrade to
No writeups or analysis indexed.
2024-06-26
Published
Exploited in the wild