Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-33326 PoC — Lumisxp 安全漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-33326.yaml
Associated Vulnerability
Title:Lumisxp 安全漏洞 (CVE-2024-33326)
Description:LumisXP是Lumis公司的一款基于云的数字体验软件。可帮助用户深入了解统一平台上的各种网站、博客和登录页指标。 Lumisxp 15.0.x至16.1.x版本存在安全漏洞,该漏洞源于容易受到跨站脚本攻击,攻击者可以通过向lumPageID参数注入精心构造的有效负载来执行任意的Web脚本或HTML。
Description
A cross-site scripting (XSS) vulnerability in the XsltResultControllerHtml.jsp component of LumisXP v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via the lumPageID parameter.
File Snapshot

 id: CVE-2024-33326

info:
  name: LumisXP - Cross-site Scripting
  author: 0xr2r
  severity: medium


...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.