CVE-2024-53471: Stored XSS in meio_pagamento.php function
CVE Publication: https://www.cve.org/CVERecord?id=CVE-2024-53471
Vendor
WeGIA (Web Gerenciador Institucional) is an integrated management system licensed under the GNU GPL v3.0, designed to enhance administration, control, and transparency for institutions.
https://sol.sbc.org.br/index.php/latinoware/article/view/31544
Affected Product Code Base
WeGIA < v3.2.0
Vulnerability Description
A stored Cross-Site Scripting (XSS) vulnerability was identified in the WeGIA application, in the payment-method form handled by meio_pagamento.php. A value submitted in the "nome" field is persisted by the server and later rendered back into the page without adequate output encoding, so attacker-supplied script executes in the browser of every user who views the affected page. Stored XSS is particularly severe because the payload lives on the server and runs each time the page is loaded, rather than only for a victim who follows a crafted link; every user who can view the page, including administrators, is affected.
POC
File: meio_pagamento.php
Payload: (the payload text was not preserved in this copy of the advisory)
Endpoint: the "nome" input field (id="meio-pagamento-nome", name="nome") in meio_pagamento.php
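To make the defect and its fix concrete, here is an added illustration written for this page; it is not WeGIA's own code. Only the field name "nome", the element id "meio-pagamento-nome" and the file name meio_pagamento.php come from the advisory; the in-memory store, the function names, the markup and the sample payload are assumptions made for the demo. It renders the same stored value once as a vulnerable concatenation and once through htmlspecialchars.

```php
<?php
// Added illustration, not WeGIA's own code. Only the field name "nome",
// the element id "meio-pagamento-nome" and the file name meio_pagamento.php
// come from the advisory; the in-memory store, function names and markup
// are assumptions made for the demo.
declare(strict_types=1);

// Stand-in for the table that persists payment methods (meios de pagamento).
$meiosPagamento = [];

// Constructed attacker input for the "nome" field: closes the value=""
// attribute it lands in, then injects a script element.
$payload = '"><script>alert(document.domain)</script>';

// Persisting the raw value is fine in itself; the defect is on output.
function salvarMeioPagamento(array &$store, string $nome): void
{
    $store[] = ['nome' => $nome];
}

// VULNERABLE: the stored value is concatenated straight into HTML, both in
// a quoted-attribute context and in an element-text context.
function renderVulneravel(array $store): string
{
    $html = '';
    foreach ($store as $row) {
        $html .= '<input id="meio-pagamento-nome" name="nome" value="' . $row['nome'] . '">' . "\n";
        $html .= '<td>' . $row['nome'] . "</td>\n";
    }
    return $html;
}

// Output encoding for HTML text and quoted-attribute contexts.
// ENT_QUOTES escapes both " and ', so the helper is also safe inside
// single-quoted attributes; the explicit charset avoids multibyte bypasses.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// HARDENED: identical markup, every stored value encoded at the point of output.
function renderSeguro(array $store): string
{
    $html = '';
    foreach ($store as $row) {
        $html .= '<input id="meio-pagamento-nome" name="nome" value="' . h($row['nome']) . '">' . "\n";
        $html .= '<td>' . h($row['nome']) . "</td>\n";
    }
    return $html;
}

salvarMeioPagamento($meiosPagamento, $payload);

echo "--- vulnerable rendering ---\n", renderVulneravel($meiosPagamento);
echo "--- hardened rendering ---\n", renderSeguro($meiosPagamento);

// Self-check: no raw tag and no prematurely closed attribute may survive
// the hardened path (the vulnerable path produces both).
$safe = renderSeguro($meiosPagamento);
if (strpos($safe, '<script') !== false || strpos($safe, 'value=""') !== false) {
    fwrite(STDERR, "hardened rendering still leaks markup\n");
    exit(1);
}
```

Run it with `php` on the command line: the vulnerable rendering prints `value=""><script>alert(document.domain)</script>">`, the hardened one prints `value="&quot;&gt;&lt;script&gt;...`, which the browser displays as literal text. Two practical caveats: the encoding has to be applied on every path that prints the stored "nome" (listing tables, edit forms, reports), because a stored payload fires on each of them, not only on the page that accepted it; and htmlspecialchars covers HTML text and attribute contexts only, so a value placed inside inline JavaScript or a URL needs its own context-specific encoding. A quick check after patching is to submit a harmless marker such as `<b>x</b>` as the payment-method name and confirm it comes back in the page source as `&lt;b&gt;x&lt;/b&gt;`.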
Reference
https://www.cve.org/CVERecord?id=CVE-2024-53471
Solution
Upgrade to WeGIA v3.2.0 or later. The fix is tracked in the vendor's issue:
https://github.com/nilsonLazarin/WeGIA/issues/789
Discoverer
Contributor
By: CVE-Hunters