CVE-2024-53471: Stored XSS in meio_pagamento.php function (WeGIA)
Vendor
WeGIA (Web Gerenciador Institucional) is an integrated management system licensed under the GNU GPL v3.0, designed to enhance administration, control, and transparency for institutions.
Affected Product Code Base
WeGIA - v3.2.0
Vulnerability Description
A stored Cross-Site Scripting (XSS) vulnerability was identified in the WeGIA application, in the meio_pagamento.php page. The value submitted in the "nome" field of the payment-method form is persisted and later rendered into the page without output encoding, so attacker-controlled script stored there executes in the browser of every user who subsequently views the affected page, with that user's session privileges.
POC
File: meio_pagamento.php
Payload: <script>alert('Alert: XSS4');</script>
Injection point: the form input with id="meio-pagamento-nome" and name="nome" (the payload is submitted as the payment-method name and fires when the stored value is rendered)
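The pattern behind this class of bug, and the fix, shown as an added example. This is not WeGIA's code and does not reproduce the project's meio_pagamento.php; it is a hypothetical stand-in in which the "nome" field is stored in an in-memory array instead of a database and rendered back once without encoding and once with it. Run it from the PHP CLI with no web server.

```php
<?php
// Added example, NOT WeGIA's code: a minimal stand-in for a payment-method
// form that stores the "nome" field and renders the stored names back.
// Run with: php xss_demo.php  (simulates one form submission, no web server)

declare(strict_types=1);

// Hypothetical in-memory stand-in for the table the real app would query.
$meiosPagamento = [];

// Vulnerable pattern: the stored value is concatenated straight into HTML,
// so a stored "<script>...</script>" becomes part of the page and executes.
function renderVulnerable(array $rows): string
{
    $html = "<ul>\n";
    foreach ($rows as $row) {
        $html .= "  <li>" . $row['nome'] . "</li>\n";   // raw interpolation
    }
    return $html . "</ul>\n";
}

// Hardened pattern: encode at the output sink for the HTML text/attribute
// context. ENT_QUOTES also covers values placed inside quoted attributes
// (e.g. an edit form's value="..."), ENT_SUBSTITUTE avoids returning an
// empty string on malformed UTF-8, which would otherwise hide the input.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderHardened(array $rows): string
{
    $html = "<ul>\n";
    foreach ($rows as $row) {
        $html .= "  <li>" . esc($row['nome']) . "</li>\n";
    }
    return $html . "</ul>\n";
}

// Simulated POST of the advisory's payload into the "nome" field
// (constructed input for this example).
$_POST['nome'] = "<script>alert('Alert: XSS4');</script>";
$meiosPagamento[] = ['nome' => $_POST['nome']];

echo "--- vulnerable (script tag survives intact) ---\n";
echo renderVulnerable($meiosPagamento);
echo "--- hardened (rendered as &lt;script&gt;... text) ---\n";
echo renderHardened($meiosPagamento);
```

The important property is that the encoding is applied at every place the stored name is written into a page, not once on input: storing the raw value is fine and lets the same data be emitted safely into HTML, JSON or a CSV export with the encoder appropriate to each context. A Content-Security-Policy that forbids inline scripts is a useful second layer but does not replace output encoding.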
Reference
https://github.com/nilsonLazarin/WeGIA/issues/789
https://github.com/nilsonmori/WeGIA
Discoverer
Natan Maia Morette and Diego Cardoso Borda Castro, Nov 2024.