WeGIA Stored Cross-Site Scripting Vulnerability in Password Configuration Page

Vulnerability

A stored cross-site scripting vulnerability has been identified in WeGIA versions 3.5.4 and prior. The issue resides in the 'configurar_senhas.php' endpoint, where employee names are fetched from the database and directly injected into HTML option elements without proper sanitization. This flaw allows for the execution of arbitrary JavaScript in the context of the user's browser, potentially leading to session hijacking or unauthorized actions on behalf of the user.

Impact

Exploitation of this vulnerability allows for the execution of arbitrary JavaScript in the victim's browser, which could result in session theft, account takeover, or unauthorized actions performed on behalf of the user.

Reproduction

To reproduce this vulnerability, log in as a user with permission to create or edit employees. Insert a script payload into the 'Nome' field when adding or editing an employee. After saving the entry, navigate to the 'configurar_senhas.php' page, where the injected script will execute immediately.

Remediation

Users can upgrade to WeGIA version 3.5.5, where this vulnerability has been patched.
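
The pattern described under Vulnerability (database values written into option elements without encoding) is shown below next to an output-encoded version. This is an added example, not WeGIA's code or the 3.5.5 patch; the function names and sample rows are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for employee records read from the database.
$employees = [
    ['id' => 1, 'nome' => 'Maria Oliveira'],
    ['id' => 2, 'nome' => 'Ana </option><b>markup</b>'], // name containing HTML metacharacters
];

// Unsafe pattern: the stored name is concatenated into the markup as-is,
// so any tags it contains become part of the page.
function renderOptionsUnsafe(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $html .= '<option value="' . $row['id'] . '">' . $row['nome'] . "</option>\n";
    }
    return $html;
}

// Encode a value for HTML text and quoted-attribute contexts (hypothetical helper).
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every dynamic value is encoded at the point of output.
function renderOptionsSafe(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $html .= '<option value="' . e((string) $row['id']) . '">' . e($row['nome']) . "</option>\n";
    }
    return $html;
}

echo "--- unsafe ---\n", renderOptionsUnsafe($employees);
echo "--- encoded ---\n", renderOptionsSafe($employees);
```

In the encoded output the second name appears as literal text (`&lt;/option&gt;&lt;b&gt;markup&lt;/b&gt;`) instead of closing the option element.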

Added: Dec 10, 2025, 12:52 AM
Updated: Dec 10, 2025, 12:52 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 4.4
remediation: 7.7
relevance: 1.4
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.