LabRedesCefetRJ WeGIA
cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*
- < 3.2.6
A Cross-Site Scripting (XSS) vulnerability exists in WeGIA versions prior to 3.2.6, specifically within the file upload feature of the 'controla_xlsx.php' endpoint. The vulnerability arises because the endpoint allows the upload of files without adequate validation, enabling the inclusion of malicious JavaScript. This could result in the execution of arbitrary scripts in the context of the user's browser, potentially leading to information theft, session hijacking, and other client-side attacks.
Exploitation of this vulnerability allows for Cross-Site Scripting, where an attacker can execute scripts in the context of the victim's browser. This could lead to session hijacking, information theft, and other forms of client-side exploitation.
To reproduce this vulnerability, upload a file through the 'controla_xlsx.php' endpoint, ensuring the file type is changed to '.php%00' and that it contains a payload, such as a script tag with JavaScript code. After uploading, the file can be accessed through the 'tabelas/xss.php_00' path, where the injected script will execute.
Users can update to WeGIA version 3.2.7 or later, where this vulnerability has been fixed.
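The root cause described above is an upload endpoint that trusts the client-supplied filename and content. The following is an added example, not WeGIA's own code and not the patched 'controla_xlsx.php': it shows what an upload handler for spreadsheets has to check so that a file containing script can neither be stored under an executable or renderable name nor be served back in a way the browser will render. The directory `UPLOAD_DIR`, the form field `arquivo`, and the function names are assumptions made for the example.

```php
<?php
// Added example (not WeGIA's code): a hardened spreadsheet upload handler.
// Assumed names: UPLOAD_DIR, the form field 'arquivo', and the functions below.

declare(strict_types=1);

const UPLOAD_DIR = '/var/app/uploads_private'; // assumed: outside the web root, never served directly
const MAX_BYTES  = 5 * 1024 * 1024;

// Allowlist of extension => MIME type expected from the file's actual content.
const ALLOWED = [
    'xlsx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
];

/**
 * Validate one entry of $_FILES. Returns an error string, or null when the upload is acceptable.
 */
function validateUpload(array $file): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return 'upload failed';
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return 'not an uploaded file';
    }
    if ($file['size'] > MAX_BYTES) {
        return 'file too large';
    }
    $name = (string) $file['name'];
    // Reject null bytes, their URL-encoded form and path separators in the client-supplied
    // name: a truncation-style name such as "x.php%00.xlsx" must never reach the filesystem.
    if (strpbrk($name, "\0/\\") !== false || strpos($name, '%00') !== false) {
        return 'invalid filename';
    }
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return 'extension not allowed';
    }
    // Sniff the real content type instead of trusting the client's Content-Type header.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        return 'content does not match extension';
    }
    return null;
}

/**
 * Store an accepted upload under a server-generated name, discarding the original name entirely.
 * Returns the stored filename (random hex plus the allowlisted extension).
 */
function storeUpload(array $file): string
{
    $ext    = strtolower(pathinfo((string) $file['name'], PATHINFO_EXTENSION));
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest   = UPLOAD_DIR . '/' . $stored;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store upload');
    }
    chmod($dest, 0640); // data, not executable
    return $stored;
}

/**
 * Headers for handing a stored file back to the client. The file is always offered as a
 * download with a fixed MIME type, so the browser never renders its contents as HTML/script.
 */
function sendDownloadHeaders(string $stored): void
{
    $ext = strtolower(pathinfo($stored, PATHINFO_EXTENSION));
    header('Content-Type: ' . (ALLOWED[$ext] ?? 'application/octet-stream'));
    header('Content-Disposition: attachment; filename="' . basename($stored) . '"');
    header('X-Content-Type-Options: nosniff');
}

// Usage in the upload handler (assumed form field name 'arquivo'):
if (($error = validateUpload($_FILES['arquivo'] ?? [])) !== null) {
    http_response_code(400);
    header('Content-Type: text/plain; charset=utf-8');
    echo 'Upload rejected: ' . $error;
    exit;
}
$stored = storeUpload($_FILES['arquivo']);
```

Two points about the design. First, the stored name is generated server-side, so nothing the client sends ever becomes a path component; the extension is the only client-derived part and it is taken from a fixed allowlist. Second, the content check depends on libmagic: some versions report an `.xlsx` file as `application/zip` rather than the OpenXML type, so test the allowlist against real files on the deployment host rather than loosening it blindly. Serving files only through `sendDownloadHeaders()` from a directory outside the web root is what removes the second half of the problem, where a stored file is reachable by URL and rendered by the browser.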