LabRedesCefetRJ WeGIA
cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*
- <= 3.5.0
A reflected cross-site scripting vulnerability has been identified in WeGIA versions prior to 3.5.1. The issue resides in the log parameter of the configuracao_geral.php file, where an attacker can inject arbitrary JavaScript that executes in the victim's browser. This vulnerability can be exploited to hijack the victim's session by exfiltrating the PHPSESSID cookie, provided that the cookie is not set with HttpOnly and Secure flags.
Exploitation of this vulnerability allows for arbitrary JavaScript execution in the context of the victim's browser. This can lead to session hijacking by stealing the PHPSESSID cookie, especially if the cookie lacks HttpOnly and Secure flags.
To reproduce this vulnerability, send a request to configuracao_geral.php with a base64-encoded payload in the log parameter. The injected script will execute in the browser, demonstrating the cross-site scripting vulnerability. If the session cookie is not protected with HttpOnly, it can be accessed and stolen by the injected script, leading to session hijacking.
Users can upgrade to WeGIA version 3.5.1 or later to address this vulnerability.
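For reviewing whether an instance was targeted before it was upgraded, the following added example (not WeGIA code and not part of the advisory) scans web server access logs for requests to configuracao_geral.php whose log parameter base64-decodes to HTML or script markup. It assumes combined-format log lines and that the application base64-decodes log before rendering it; the helper names, request path prefix and sample lines are constructed.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, quote, urlsplit

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Markup a status message should never carry: tags, event handlers, javascript: URLs.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-zA-Z]|\bon\w+\s*=|javascript:", re.IGNORECASE)


def decode_log_param(value):
    """Leniently base64-decode a query value; return None if it is not base64."""
    # parse_qs turns '+' into a space; also accept the URL-safe alphabet.
    value = value.replace(" ", "+").replace("-", "+").replace("_", "/")
    value += "=" * (-len(value) % 4)  # restore stripped padding
    try:
        return base64.b64decode(value, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None


def suspicious_requests(lines):
    """Return (line_number, decoded_value) for log= values that decode to markup."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        url = urlsplit(match.group(1)) if match else None
        if url is None or not url.path.endswith("configuracao_geral.php"):
            continue
        for raw in parse_qs(url.query).get("log", []):
            decoded = decode_log_param(raw)
            if decoded and MARKUP_RE.search(decoded):
                hits.append((number, decoded))
    return hits


def sample_line(path, message):
    """Build a constructed log line carrying `message` base64-encoded in ?log=."""
    token = quote(base64.b64encode(message.encode()).decode(), safe="")
    return f'203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET {path}?log={token} HTTP/1.1" 200 512'


SAMPLE_LOG = [  # constructed sample input, not real traffic
    sample_line("/configuracao_geral.php", "Settings saved"),
    sample_line("/configuracao_geral.php", "<script>/* constructed marker */</script>"),
    sample_line("/index.php", "<b>other page</b>"),
    '203.0.113.7 - - [01/Jan/2025:10:00:03 +0000] "GET /configuracao_geral.php?log=not*base64 HTTP/1.1" 200 512',
]
```

A hit shows that a crafted link was requested, not that a session was taken over; correlate the timestamp with later activity under the same PHPSESSID.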