Описание
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the html/atendido/cadastro_ocorrencia.php endpoint of the WeGIA application. The application does not sanitize user-controlled data before rendering it inside the “Atendido” selection dropdown. This vulnerability is fixed in 3.6.2.
Ссылки
- Issue TrackingPatch
- Release Notes
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.6.2 (исключая)
cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*
EPSS
Процентиль: 7%
0.00028
Низкий
4.3 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
EPSS
Процентиль: 7%
0.00028
Низкий
4.3 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79