SoluçõesCoop iSoluçõesWEB Cross-Site Scripting Vulnerability
Vulnerability
A stored cross-site scripting vulnerability has been identified in SoluçõesCoop iSoluçõesWEB versions prior to 20250519. The issue arises in the Flow Handler component, specifically within the file '/fluxos-dashboard'. The vulnerability is triggered by manipulating the 'Descrição da solicitação' argument, which allows the execution of malicious JavaScript code that is stored and later executed when the content is viewed. This vulnerability can be exploited remotely, but requires user interaction.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected content.
Reproduction
To reproduce this vulnerability, first authenticate and navigate to the '/fluxos-dashboard' page. Create a flow and insert a message that includes a script payload. Once the flow is saved, the injected script will execute when the flow is viewed, demonstrating the cross-site scripting vulnerability.
Remediation
Users are advised to upgrade to a version of SoluçõesCoop iSoluçõesWEB released after 20250519.
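For teams that render user-supplied fields such as 'Descrição da solicitação' in their own views, the following added example (not code from the vendor or from the original advisory) contrasts rendering a stored value as-is with encoding it at output time, and includes a regression check that can run in a test suite. The record shape, the field names `title` and `descricao`, and all function names are assumptions made for illustration.

```javascript
// Added illustration: hypothetical rendering code, not taken from iSoluçõesWEB.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a stored value for an HTML body or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored description is concatenated into markup as-is.
function renderFlowUnsafe(flow) {
  return `<div class="flow"><h3>${flow.title}</h3><p>${flow.descricao}</p></div>`;
}

// Hardened pattern: every stored field is encoded at output time.
function renderFlowSafe(flow) {
  return `<div class="flow"><h3>${escapeHtml(flow.title)}</h3>` +
         `<p>${escapeHtml(flow.descricao)}</p></div>`;
}

// Regression check: does the stored value reach the page with its markup intact?
function storedMarkupSurvives(rendered, stored) {
  return /[<>]/.test(stored) && rendered.includes(stored);
}

// Constructed sample record; the script body is an inert marker.
const sampleFlow = {
  title: 'Pedido 42',
  descricao: '<script>/* constructed marker */</script>',
};

console.log('unsafe view keeps markup:',
  storedMarkupSurvives(renderFlowUnsafe(sampleFlow), sampleFlow.descricao));
console.log('safe view keeps markup:',
  storedMarkupSurvives(renderFlowSafe(sampleFlow), sampleFlow.descricao));
console.log(renderFlowSafe(sampleFlow));
```

Encoding at output time protects every view that displays the field, including records that were stored before any input filtering was introduced.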
