WeGIA
cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*
- <= 3.7.2
A stored cross-site scripting vulnerability has been identified in WeGIA versions prior to 3.7.3. This issue allows authenticated users to inject malicious JavaScript into the 'Etapas de um Processo' page. The injected script is executed when the page is accessed, potentially leading to session hijacking and account takeover. The vulnerability arises because the application fails to properly sanitize user input in the name field, which is displayed in system notifications. Attackers can exploit this by injecting harmful HTML or JavaScript when creating or modifying a user. Once an 'etapa' is registered, the application renders the description without adequate escaping, allowing the execution of injected code in the browser.
Exploitation of this vulnerability allows arbitrary JavaScript to execute in the context of the victim's browser, which can be used to steal session cookies, perform actions on behalf of the authenticated user, and potentially take over the user's account.
To reproduce this vulnerability, register an 'etapa' within an existing process, ensuring that the 'description' field contains a payload such as an image tag with an 'onerror' event. Once the 'etapa' is created, navigate to the 'Etapas' page to observe the execution of the injected script.
Users can upgrade to WeGIA version 3.7.3 or later to address this vulnerability.
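The unescaped rendering described above, next to an output-encoded version, as an added example that is not WeGIA's own code. The function names, the `description` array key and the sample rows are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: WeGIA's real rendering code is not shown on this page.

// Vulnerable pattern: the stored value is concatenated into HTML as-is,
// so any markup saved in the field becomes part of the page.
function render_etapa_unsafe(array $etapa): string
{
    return '<td>' . $etapa['description'] . '</td>';
}

// Hardened pattern: encode at output time for the HTML body context.
// ENT_QUOTES also covers attribute contexts; ENT_SUBSTITUTE replaces
// invalid byte sequences instead of returning an empty string.
function render_etapa_safe(array $etapa): string
{
    $text = htmlspecialchars(
        (string) $etapa['description'],
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
    return '<td>' . $text . '</td>';
}

// True when encoding changes the value, i.e. the stored text contains
// HTML metacharacters and should be reviewed.
function needs_review(array $etapa): bool
{
    return render_etapa_unsafe($etapa) !== render_etapa_safe($etapa);
}

// Constructed sample rows, standing in for values read from the database.
$etapas = [
    ['description' => 'Triagem inicial'],
    ['description' => '<img src=x onerror=alert(1)>'],
    ['description' => 'Visita "domiciliar" & entrevista'],
];

foreach ($etapas as $etapa) {
    printf(
        "%-7s %s\n",
        needs_review($etapa) ? 'REVIEW' : 'ok',
        render_etapa_safe($etapa)
    );
}
```

The third row is flagged even though it is harmless: the comparison only says the value contains characters that need encoding, so flagged rows are candidates for manual review rather than confirmed payloads.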