CVE Identification and Details

• Vendor: Labvantage
• Product: Labvantage LIMS
• Affected Endpoint: /labvantage/rc?command=page&page=LV_ViewSampleSpec&sdcid=Sample&keyid1=S-231204-00118&oosonly=Y&_sdialog=Y
• Vulnerable Parameters: sdcid, keyid1
• Vulnerability Type: Reflected Cross-Site Scripting (XSS)

Reproduction of the Attack

The following steps were used to identify and confirm the reflected XSS vulnerability in the sdcid and keyid1 parameters of the GET request to the affected endpoint. The testing was conducted using Burp Suite.

Step 1: Crafting the URL with XSS Payloads

1. Description: A request was crafted by adding the sdcid and keyid1 parameters to the URL with the XSS payloads:
   • For sdcid: sdcid=Sample';%7dalert(1);'
   • For keyid1: keyid1=S-231204-00118';alert(2);function+correctSyntax(e)%7b'

Figure 1: The request made by adding XSS payloads to the sdcid and keyid1 parameters.

Step 2: XSS in sdcid Parameter

1. Description: The URL with the XSS payload in the sdcid parameter was accessed.
2. Observation: The XSS payload was reflected in the DOM, and the JavaScript alert 1 was triggered.

Figure 2: The alert appears when the XSS payload is injected into the sdcid parameter.

Step 3: XSS in keyid1 Parameter

1. Description: The URL with the XSS payload in the keyid1 parameter was accessed.
2. Observation: The XSS payload was reflected in the DOM, and the JavaScript alert 2 was triggered.