Submission #595343: WeGIA WeGIA Web Gerenciador 3.4.0 Stored Cross Site Scripting

Title: WeGIA WeGIA Web Gerenciador 3.4.0 Stored Cross Site Scripting
Description: A persistent Cross-Site Scripting (XSS) vulnerability was identified in the WeGIA system, specifically within the unit registration flow in the Materials and Assets module. The flaw allows an attacker to inject malicious JavaScript code into the unit name field, which is then stored in the database and executed whenever the product registration interface is accessed. The script executes in the browser context of any user who interacts with that page, enabling potential session hijacking, unauthorized redirects, or other client-side attacks. The lack of proper input validation or sanitization represents a critical security flaw that compromises both the integrity of the application and the safety of its users.

Step by Step:
1 - Log in to the platform.
2 - Go to the section: "Material e Patrimônio > Entrada > Registrar Entrada"
3 - On the page /html/matPat/cadastro_entrada.php, click the "+" button under the "Produto" tab.
4 - On the page /html/matPat/cadastro_produto.php, click the "+" button under the "Unidade" tab.
5 - On the page /html/matPat/adicionar_unidade.php, register a new unit using the following XSS payload: <script>alert('PoC VulDB')</script> Then, click the first "Enviar" button to submit the form.
6 - The payload will be stored in the system and will be executed every time the page /html/matPat/cadastro_produto.php is loaded, confirming the presence of a Stored Cross-Site Scripting (XSS) vulnerability.
Source: ⚠️ https://github.com/RaulPazemecxas/PoCVulDb
User: RaulPACXXX (UID 84502)
Submitted: 2025. 06. 11. AM 11:11 (1 year ago)
Moderation: 2025. 06. 26. AM 10:11 (15 days later)
Status: Accepted
VulDB entry: 313960 [LabRedesCefetRJ WeGIA 3.4.0 Adicionar Unidade adicionar_unidade.php Insira a nova unidade cross site scripting]
Points: 20
