| Title | WeGIA WeGIA Web Gerenciador 3.4.0 Stored Cross Site Scripting |
|---|
| Description | #Vulnerability Type: Stored Cross-Site Scripting (XSS)
#Affected Application: WeGIA 3.4.0
#Vulnerability Location: /html/matPat/adicionar_categoria.php
#Impact: Persistent execution of arbitrary JavaScript code in the context of the application
PoC for exploiting stored XSS in WeGIA:
1 - Log in to the platform.
2 - Go to the section "Material e Patrimonio > Entrada > Registrar Entrada".
3 - On the page /html/matPat/cadastro_entrada.php, click the "+" button under the "Produto" tab.
4 - On the page /html/matPat/cadastro_produto.php, click the "+" button under the "Categoria" tab.
5 - On the page /html/matPat/adicionar_categoria.php, register a new unit using the following XSS payload:
`<script>alert('Poc VulDB')</script>`
Then, click the first "Enviar" button to submit the form.
6 - The payload will be stored in the system and will be executed every time the page /html/matPat/cadastro_produto.php is loaded, confirming the presence of a Stored Cross-Site Scripting (XSS) vulnerability.
|
|---|
| Source | ⚠️ https://github.com/RaulPazemecxas/PoCVulDb/blob/main/README2.md |
|---|
| User | RaulPACXXX (UID 84502) |
|---|
| Submission | 06/14/2025 17:11 (1 Year ago) |
|---|
| Moderation | 06/26/2025 10:11 (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 313961 [LabRedesCefetRJ WeGIA 3.4.0 Additional Categoria adicionar_categoria.php Insira a nova categoria cross site scripting] |
|---|
| Points | 20 |
|---|
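
The report describes a category name stored through /html/matPat/adicionar_categoria.php and executed when /html/matPat/cadastro_produto.php renders it. The following is an added example, not WeGIA's own code: the array shape, the function names and the assumption that categories are rendered as `<option>` elements are hypothetical. It contrasts unescaped output with HTML-encoding at output time.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for stored category names; the second
// value is the payload from the report. Keys 'id'/'descricao' are hypothetical.
$categorias = [
    ['id' => 1, 'descricao' => 'Alimentos'],
    ['id' => 2, 'descricao' => "<script>alert('Poc VulDB')</script>"],
];

// Vulnerable pattern: stored text is concatenated into the page as markup.
function renderOptionsUnsafe(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $html .= '<option value="' . $row['id'] . '">' . $row['descricao'] . "</option>\n";
    }
    return $html;
}

// Encode for the HTML body/attribute context at the moment of output.
function e(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every stored value passes through e() before it is emitted.
function renderOptionsSafe(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $html .= '<option value="' . (int) $row['id'] . '">'
               . e((string) $row['descricao']) . "</option>\n";
    }
    return $html;
}

$unsafe = renderOptionsUnsafe($categorias);
$safe   = renderOptionsSafe($categorias);

// Regression check: a stored value must never reach the page as a live tag.
if (stripos($unsafe, '<script') === false) {
    throw new RuntimeException('expected the unsafe renderer to emit the tag');
}
if (stripos($safe, '<script') !== false) {
    throw new RuntimeException('stored value rendered as markup');
}
echo $safe;
```

Encoding at output keeps records that were stored before the fix from executing, which input filtering on the form alone would not cover.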