Virtual Computer Vysual RH Solution Cross-Site Scripting Vulnerability in Login Panel
Vulnerability
A reflected cross-site scripting vulnerability has been identified in Virtual Computer Vysual RH Solution version 2024.12.1. The issue is in the Login Panel component, specifically in the index.php file. Manipulating the 'page' parameter allows malicious scripts to be injected. The flaw can be exploited remotely, but the victim must interact with the malicious link.
Impact
Exploiting this vulnerability results in reflected cross-site scripting: an attacker can inject malicious scripts that execute in the context of the user's browser.
Reproduction
To reproduce this vulnerability, send a request to the index.php page of the Login Panel with a crafted 'page' parameter that includes a script payload, such as a JavaScript alert. The injected script will be executed in the user's browser, demonstrating the cross-site scripting vulnerability.
Remediation
Implement proper input validation and output encoding so that user-controllable input is neutralized before it is rendered in the page. Additionally, a web application firewall can be used to filter out malicious payloads.
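The sketch below is an added example, not Vysual RH Solution source code: it shows the two recommended controls applied to a 'page' query parameter, next to the unsafe pattern they replace. The view names in ALLOWED_PAGES, the hidden-field markup and all function names are assumptions, since the advisory does not describe how index.php uses the value; PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical view names; the advisory does not list the product's real 'page' values.
const ALLOWED_PAGES = ['login', 'recover', 'help'];
const DEFAULT_PAGE = 'login';

/** Input validation: accept only exact matches from a fixed allowlist. */
function resolve_page(mixed $raw): string
{
    // A request such as ?page[]=x arrives as an array, so reject non-strings first.
    if (!is_string($raw)) {
        return DEFAULT_PAGE;
    }
    return in_array($raw, ALLOWED_PAGES, true) ? $raw : DEFAULT_PAGE;
}

/** Output encoding for HTML text nodes and quoted attribute values. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Unsafe pattern, for comparison: the request value is concatenated into markup as-is. */
function render_unsafe(array $query): string
{
    $page = is_string($query['page'] ?? null) ? $query['page'] : DEFAULT_PAGE;
    return '<input type="hidden" name="page" value="' . $page . '">';
}

/** Hardened pattern: validate on input, then encode at the point of output. */
function render_safe(array $query): string
{
    $page = resolve_page($query['page'] ?? null);
    return '<input type="hidden" name="page" value="' . h($page) . '">';
}

// Constructed sample input: a harmless value that tries to close the attribute.
$probe = ['page' => '"><b>probe</b>'];

// Print both renderings so the difference in the emitted markup is visible.
echo render_unsafe($probe), PHP_EOL;
echo render_safe($probe), PHP_EOL;

// Encoding alone, for places where an allowlist is not practical (free-text fields).
echo h($probe['page']), PHP_EOL;
```

Encoding is applied where the value is written, even after the allowlist check, so a later change to the allowlist cannot reopen the injection point.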
