Submit #597401: WeGIA WeGIA Web Gerenciador 3.4.0 Stored Cross Site Scripting

Title: WeGIA WeGIA Web Gerenciador 3.4.0 Stored Cross Site Scripting
Description: A persistent (stored) Cross-Site Scripting (XSS) vulnerability has been identified in the WeGIA application, version 3.4.0. The issue is on the employee registration page, reachable at /html/funcionario/cadastro_funcionario.php?cpf=CPF, in the "Nome" and "Sobrenome" input fields. An authenticated attacker can submit JavaScript in these fields, for example the payload <script>alert('Poc VulDB Teste cadastro_funcionario')</script>. The value is stored in the database without validation or sanitization and is later written into other pages without output encoding, so the script runs whenever the employee record is rendered elsewhere in the system.

Execution of the script was confirmed while creating a new memorandum under "Memorando > Criar Memorando", where the employee data is reused. When /html/memorando/insere_despacho.php is loaded after the memorandum has been created, the previously injected JavaScript executes in the browser context of the user viewing the page.

Because the payload runs in the browser of every user who loads a page that renders the affected employee record, the flaw allows session hijacking, unauthorized redirects, data theft and other client-side attacks. The absence of input validation on the form and of encoding at the output compromises both the integrity of the application and the security of its users.

Steps to reproduce:

1 - Log in to the platform with valid credentials.
2 - Go to Pessoas > Funcionarios > Cadastrar Funcionario (/html/funcionario/pre_cadastro_funcionario.php) and enter a valid CPF.
3 - On html/funcionario/cadastro_funcionario.php?cpf={CPF}, enter the following payload in the "Nome" and "Sobrenome" fields and click "Enviar": <script>alert('Poc VulDB Teste cadastro_funcionario')</script>
4 - Go to "Memorando" > "Criar Memorando" (/html/memorando/novo_memorandoo.php), register a new memorandum named 'test' and click the "Criar Memorando" button. This section loads the stored data of the employee registered in step 3.
5 - The JavaScript payload executes every time /html/memorando/insere_despacho.php?id_memorando=ID&msg=success&sccs=Memorando%20criado%20com%20sucesso is loaded, confirming that the application is vulnerable to stored XSS.
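The store-then-render flow described above, as an added example that is not WeGIA's code and not part of the original submission: the employee record is persisted as submitted, one renderer concatenates it into the memorandum page the way the advisory describes (vulnerable), a second one applies HTML output encoding at the sink (fixed), and a small check tells the two apart on a response body. The table layout, column names, page markup and the test CPF are assumptions made for the example.

```python
import html
import re
import sqlite3

# Payload quoted in the advisory above.
PAYLOAD = "<script>alert('Poc VulDB Teste cadastro_funcionario')</script>"

# Constructed test CPF (format-valid check digits, not a real person's number).
TEST_CPF = "12345678909"


def open_db():
    # Assumed table layout for the employee record; WeGIA's real schema is not
    # shown on this page and will differ.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE funcionario (cpf TEXT PRIMARY KEY, nome TEXT, sobrenome TEXT)"
    )
    return conn


def store_employee(conn, cpf, nome, sobrenome):
    """The 'stored' half: persist the form values as submitted.

    Keeping raw text in the database is acceptable on its own (names
    legitimately contain characters such as ' and &); the defect is in what
    the render step does with it."""
    conn.execute(
        "INSERT INTO funcionario (cpf, nome, sobrenome) VALUES (?, ?, ?)",
        (cpf, nome, sobrenome),
    )


def load_employee(conn, cpf):
    nome, sobrenome = conn.execute(
        "SELECT nome, sobrenome FROM funcionario WHERE cpf = ?", (cpf,)
    ).fetchone()
    return {"nome": nome, "sobrenome": sobrenome}


def render_memorando_vulnerable(emp):
    # Failure mode the advisory describes: a different page concatenates the
    # stored value straight into its HTML, so the <script> reaches the browser.
    return f"<p>Funcionario: {emp['nome']} {emp['sobrenome']}</p>"


def render_memorando_fixed(emp):
    # Encode at the HTML-text sink. quote=True also converts ' and ", the
    # equivalent of PHP htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8').
    nome = html.escape(emp["nome"], quote=True)
    sobrenome = html.escape(emp["sobrenome"], quote=True)
    return f"<p>Funcionario: {nome} {sobrenome}</p>"


_SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def contains_live_script(page_html):
    """Check for a raw <script tag in a response body.

    Run this over the HTML fetched from the page where the record is shown
    (insere_despacho.php in the advisory): a raw tag means the payload is
    live; the encoded form &lt;script&gt; does not match, so the same check
    verifies a fix."""
    return _SCRIPT_TAG.search(page_html) is not None


def demo():
    conn = open_db()
    store_employee(conn, TEST_CPF, PAYLOAD, PAYLOAD)
    emp = load_employee(conn, TEST_CPF)
    vulnerable_html = render_memorando_vulnerable(emp)
    fixed_html = render_memorando_fixed(emp)
    return {
        "vulnerable_live": contains_live_script(vulnerable_html),
        "fixed_live": contains_live_script(fixed_html),
        "fixed_html": fixed_html,
    }


if __name__ == "__main__":
    result = demo()
    print("vulnerable render executes payload:", result["vulnerable_live"])
    print("fixed render executes payload:     ", result["fixed_live"])
    print(result["fixed_html"])
```

Encoding has to match the sink: html.escape is correct for HTML text and quoted attributes, but a value written into a JavaScript string or a URL needs that context's encoding instead. Validation on the registration form is defence in depth, not the fix, and a Content-Security-Policy without 'unsafe-inline' would stop this particular payload even if a sink is missed.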
Source: https://github.com/RaulPazemecxas/PoCVulDb/blob/main/README7.md
User: RaulPACXXX (UID 84502)
Submitted: 06/16/2025 02:03
Moderated: 06/26/2025 10:11 (10 days later)
Status: Accepted
VulDB Entry: 313965 [LabRedesCefetRJ WeGIA 3.4.0 Cadastro de Funcionário cadastro_funcionario.php Nome/Sobrenome Cross Site Scripting]
Points: 20
