CVE Identification and Details

• Vendor: Labvantage
• Product: Labvantage LIMS
• Affected Endpoint: POST /labvantage/rc?command=page
• Vulnerable Parameters: param1
• Vulnerability Type: Reflected Cross-Site Scripting (XSS)

Reproduction of the Attack

The following steps were used to identify and confirm the reflected XSS vulnerability in the param1 parameter of the POST request to the affected endpoint. The testing was conducted using Burp Suite.

Step 1: Crafting the POST Request with XSS Payload

1. Description: A POST request was crafted by adding the XSS payload to the body parameter param1:
   • Payload: param1"><a href="javascript:alert('XSS-All-Params')">ALL THE PARAMETERS ARE VULN TO XSS</a>

Figure 1: The request made by adding the XSS payload to the param1 parameter.

Step 2: Sending the POST Request with the XSS Payload

1. Description: The POST request with the XSS payload in the param1 parameter was sent.
2. Observation: The XSS payload was reflected in the DOM, and clicking the link triggered the JavaScript alert XSS-All-Params.

Figure 2: The alert appears when the XSS payload is injected into the param1 parameter and the link is clicked.

Exploitation and Impact

Reflected XSS vulnerabilities can be exploited by attackers to execute arbitrary JavaScript in the context of a victim's browser. This can lead to various malicious activities, such as:

• Session Hijacking: Stealing session cookies to impersonate users.