WeGIA Reflected Cross-Site Scripting Vulnerability in Profile Pet Endpoint

Vulnerability

A reflected cross-site scripting vulnerability has been identified in WeGIA versions prior to 3.5.0. The issue resides in the '/pet/profile_pet.php?id_pet=' endpoint, where the application fails to properly validate and sanitize user input in the 'id_pet' parameter. This allows attackers to inject malicious scripts that are executed in the context of the user's browser.

Impact

Exploiting this vulnerability results in reflected cross-site scripting: injected scripts are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a GET request to the '/pet/profile_pet.php' endpoint with a crafted 'id_pet' parameter that includes the malicious script payload. The injected script will be executed in the browser, demonstrating the cross-site scripting vulnerability.

Remediation

Users can update to WeGIA version 3.5.0 or later, where this vulnerability has been patched.
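
For deployments that ran a version prior to 3.5.0, web server access logs can be reviewed for requests to the affected endpoint whose 'id_pet' value is not a plain number. The following is an added example, not code from this advisory or from the WeGIA project; it assumes Apache/nginx combined log format and that legitimate 'id_pet' values are decimal integers, and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of an Apache/nginx "combined" log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
ENDPOINT = "/pet/profile_pet.php"  # endpoint named in the advisory


def suspicious_id_pet(line):
    """Return the decoded id_pet values in this log line that are not plain integers."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    target = urlsplit(m.group(1))
    if target.path != ENDPOINT:
        return []
    # parse_qs percent-decodes values; keep_blank_values so "id_pet=" is seen too
    values = parse_qs(target.query, keep_blank_values=True).get("id_pet", [])
    # Assumption: a legitimate id_pet is a short decimal integer
    return [v for v in values if not re.fullmatch(r"[0-9]{1,10}", v)]


def scan(lines):
    """Return (line_number, client_ip, decoded_value) for every flagged request."""
    hits = []
    for n, line in enumerate(lines, 1):
        for value in suspicious_id_pet(line):
            hits.append((n, line.split(" ", 1)[0], value))
    return hits


# Constructed sample log lines (documentation IP ranges), not real traffic
SAMPLE_LOG = [
    '198.51.100.7 - - [13/Oct/2025:22:01:10 +0000] "GET /pet/profile_pet.php?id_pet=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [13/Oct/2025:22:03:44 +0000] "GET /pet/profile_pet.php?id_pet=12%22%3E%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5188 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [13/Oct/2025:22:04:02 +0000] "GET /pet/profile_pet.php?id_pet=3&id_pet=%3Ci%3E HTTP/1.1" 200 5140 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [13/Oct/2025:22:05:30 +0000] "GET /home.php?id_pet=%3Cb%3E HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, ip, value in scan(SAMPLE_LOG):
        print(f"line {n}: {ip} sent non-numeric id_pet={value!r}")
```

A flagged line shows only that a non-numeric value was requested; whether it was reflected depends on the version that served the response.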

Added: Oct 13, 2025, 10:26 PM
Updated: Oct 13, 2025, 10:26 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.4
exploitability: 5.8
remediation: 7.7
relevance: 0.7
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.