WeGIA Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the WeGIA application, prior to version 3.4.5. The issue resides in the 'adicionar_cor.php' endpoint, where the 'cor' parameter lacks proper validation and sanitization. This flaw allows attackers to inject malicious scripts that are stored on the server and executed automatically when the 'cadastro_pet.php' page is accessed by users. The vulnerability poses significant security risks, including the potential for session hijacking and the execution of malicious scripts in the context of the user's browser.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user accessing the affected page. This could lead to session hijacking, theft of cookies, credentials, and sensitive information, as well as the execution of browser-based exploits or malware delivery.

Reproduction

To reproduce this vulnerability, send a POST request to the 'adicionar_cor.php' endpoint with a 'cor' parameter containing a script payload, such as a script tag including JavaScript code, such as an alert of the document's cookies. Once the payload is injected, access the 'cadastro_pet.php' page, where the injected script will be executed, demonstrating the cross-site scripting vulnerability.

Remediation

Users can update to WeGIA version 3.4.5 or later, where this vulnerability has been fixed.