LumisXP - XSS (CVE-2024-33326)

CVE-2024-33326 is a cross-site scripting (XSS) vulnerability in LumisXP versions 15.0.x to 16.1.x, specifically within the XsltResultControllerHtml.jsp component. Attackers can exploit this flaw by injecting malicious scripts through the lumPageID parameter, potentially leading to the execution of arbitrary web scripts or HTML in the context of unsuspecting users. This vulnerability could be leveraged for session hijacking, phishing, or other client-side attacks.

CrowdSec has been tracking this vulnerability and its exploits since 24th of September 2025.

CrowdSec network observations suggest that most exploitation of CVE-2024-33326 involves focused reconnaissance to identify viable targets. Attackers typically tailor their campaigns based on system exposure and configuration. It is unlikely that a given attack is accidental. Additionally, according to week-over-week analysis by CrowdSec, exploitation of CVE-2024-33326 is surging. Attack volumes are spiking well above historical norms, indicating widespread and escalating interest from threat actors. CVE-2024-33326 is currently experiencing high visibility and active exploitation across the internet.

Attackers exploit this vulnerability by sending requests to XsltResultControllerHtml.jsp with a crafted lumPageId parameter containing malicious JavaScript, enabling cross-site scripting (XSS) attacks against users. Targeted endpoints include both /portal/XsltResultControllerHtml.jsp and /XsltResultControllerHtml.jsp.