https://www.cvehunters.com/p/cve-2026-6990/ Cross-Site Scripting (XSS) Stored https://www.cvehunters.com/p/cve-2026-6990/ https://www.cvehunters.com/p/cve-2026-6990/ <h2 id="cve-2026-6990-cross-site-scripting-xss-stored-in-new-sigawfappresponsavelnovo-parameter-descrição">CVE-2026-6990: Cross-Site Scripting (XSS) Stored in new <code>/sigawf/app/responsavel/novo</code> parameter <code>Descrição</code> </h2><blockquote> <p><em><strong>CVE Publication: <a class="link" href="https://www.cve.org/CVERecord?id=CVE-2026-6990" target="_blank" rel="noopener" >https://www.cve.org/CVERecord?id=CVE-2026-6990</a></strong></em></p> </blockquote> <h2 id="summary">Summary </h2><p style="text-align: justify;">A Stored Cross-Site Scripting (XSS) vulnerability was identified in the <code>/sigawf/app/responsavel/novo</code> endpoint of the SIGA application. This vulnerability allows attackers to inject malicious scripts into the <code>Descrição</code> parameter. The injected scripts are stored on the server and executed automatically whenever the <code>/sigawf/app/responsavel/listar</code> page is accessed by users, representing a significant security risk.</p> <h2 id="details">Details </h2><p>Vulnerable Endpoint: <code>/sigawf/app/responsavel/novo</code></p><h2 id="cve-2026-6990-cross-site-scripting-xss-stored-in-new-sigawfappresponsavelnovo-parameter-descrição">CVE-2026-6990: Cross-Site Scripting (XSS) Stored in new <code>/sigawf/app/responsavel/novo</code> parameter <code>Descrição</code> </h2><blockquote> <p><em><strong>CVE Publication: <a class="link" href="https://www.cve.org/CVERecord?id=CVE-2026-6990" target="_blank" rel="noopener" >https://www.cve.org/CVERecord?id=CVE-2026-6990</a></strong></em></p> </blockquote> <h2 id="summary">Summary </h2><p style="text-align: justify;">A Stored Cross-Site Scripting (XSS) vulnerability was identified in the <code>/sigawf/app/responsavel/novo</code> endpoint of the SIGA application. This vulnerability allows attackers to inject malicious scripts into the <code>Descrição</code> parameter. The injected scripts are stored on the server and executed automatically whenever the <code>/sigawf/app/responsavel/listar</code> page is accessed by users, representing a significant security risk.</p> <h2 id="details">Details </h2><p>Vulnerable Endpoint: <code>/sigawf/app/responsavel/novo</code></p> <p>Parameter: <code>Descrição</code></p> <h2 id="poc">PoC </h2><h3 id="payload">Payload </h3><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-html" data-lang="html"><span class="line"><span class="cl"><span class="p"><</span><span class="nt">img</span> <span class="na">src</span><span class="o">=</span><span class="s">x</span> <span class="na">onerror</span><span class="o">=</span><span class="s">alert(document.cookie)//</span> </span></span></code></pre></td></tr></table> </div> </div><h3 id="steps-to-reproduce">Steps to Reproduce: </h3><p style="text-align: justify;"> Register the payload in the <code>Descrição</code> field at the <code>/sigawf/app/responsavel/novo</code> endpoint.</p> <p><img src="/p/cve-2026-6990/image.png" width="924" height="266" srcset="/p/cve-2026-6990/image_hu_257390f57da3ef36.png 480w, /p/cve-2026-6990/image_hu_e31e27a952009eca.png 1024w" loading="lazy" class="gallery-image" data-flex-grow="347" data-flex-basis="833px" /></p> <p style="text-align: justify;"> After that, the XSS can be triggered by opening the <code>/sigawf/app/responsavel/listar</code> endpoint.</p> <p><img src="/p/cve-2026-6990/image-1.png" width="478" height="164" srcset="/p/cve-2026-6990/image-1_hu_4ede61fcf518e8ab.png 480w, /p/cve-2026-6990/image-1_hu_6277af4afca73498.png 1024w" loading="lazy" class="gallery-image" data-flex-grow="291" data-flex-basis="699px" /></p> <h2 id="impact">Impact </h2><p style="text-align: justify;"> <ul> <li>Session hijacking: Stealing cookies or authentication tokens to impersonate users.</li> <li>Credential theft: Harvesting usernames and passwords using malicious scripts.</li> <li>Malware delivery: Distributing unwanted or harmful code to victims.</li> <li>Privilege escalation: Compromising administrative users through persistent scripts.</li> <li>Data manipulation or defacement: Changing or disrupting site content.</li> <li>Reputation damage: Eroding trust among site users and administrators.</li> </ul> </p> <h2 id="reference">Reference </h2><p><em><strong><a class="link" href="https://github.com/ViniCastro2001/Security_Reports/tree/main/siga/Stored-XSS-Responsavel" target="_blank" rel="noopener" >https://github.com/ViniCastro2001/Security_Reports/tree/main/siga/Stored-XSS-Responsavel</a></strong></em></p> <h2 id="finder">Finder </h2><p><a class="link" href="http://www.linkedin.com/in/vinicius-gross-castro" target="_blank" rel="noopener" ><img src="/assets/contributors/50x50/viniciusCastro50x50.png" loading="lazy" /></a> <a class="link" href="http://www.linkedin.com/in/vinicius-gross-castro" target="_blank" rel="noopener" >Vinicius Castro</a></p> <blockquote> <p><em><strong>By: <a class="link" href="https://github.com/CVE-Hunters/cve-hunters" target="_blank" rel="noopener" >CVE-Hunters</a></strong></em></p> </blockquote> Sat, 25 Apr 2026 00:00:00 +0000