Описание
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the action parameter. The vulnerable endpoint is GET /WeGIA/html/pessoa/editar_info_pessoal.php?action=1. This issue has been patched in version 3.5.1.
Ссылки
- Release Notes
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.5.1 (исключая)
cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*
EPSS
Процентиль: 16%
0.00051
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
EPSS
Процентиль: 16%
0.00051
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79