Lislovelly

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.2.16 **Description** A Stored Cross-Site Scripting (XSS) issue was identified in the WeGIA application, specifically in the "adicionar tipo atendido.php" endpoint. This allows attackers to inject malicious scripts into the `tipo` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. **Recommendations** For versions prior to 3.2.16, update to version 3.2.16 to resolve the issue. As a temporary workaround, consider restricting access to the "adicionar tipo atendido.php" endpoint to minimize the risk of exploitation. Avoid using the `tipo` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.2.10 **Description** A Stored Cross-Site Scripting (XSS) vulnerability was identified in the "processa edicao socio.php" endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `socio nome` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. **Recommendations** For versions prior to 3.2.10, update to version 3.2.10 to fix the vulnerability. As a temporary workaround, consider restricting access to the "processa edicao socio.php" endpoint or disabling the `socio nome` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.2.16 **Description** A Stored Cross-Site Scripting (XSS) issue was identified in the WeGIA application, specifically in the "atendido parentesco adicionar.php" endpoint. This allows attackers to inject malicious scripts into the `descricao` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. **Recommendations** For versions prior to 3.2.16, update to version 3.2.16 to resolve the issue. As a temporary workaround, consider restricting access to the "atendido parentesco adicionar.php" endpoint until the update is applied. Additionally, avoid using the `descricao` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.2.16 **Description** A Stored Cross-Site Scripting (XSS) issue was identified in the "adicionar status atendido.php" endpoint, allowing attackers to inject malicious scripts into the `status` parameter. These scripts are stored on the server and executed when the affected page is accessed, posing a significant security risk. **Recommendations** For versions prior to 3.2.16, update to version 3.2.16 to resolve the issue. As a temporary workaround, consider restricting access to the "adicionar status atendido.php" endpoint to minimize the risk of exploitation. Avoid using the `status` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.2.10 **Description** A SQL Injection vulnerability was identified in the WeGIA application, specifically in the "adicionar cor.php" endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw. **Recommendations** For versions prior to 3.2.10, upgrade to version 3.2.10 to fix the issue. As a temporary workaround, consider restricting access to the "adicionar cor.php" endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.2.10 **Description** WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the "adicionar especie.php" endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw. **Recommendations** For versions prior to 3.2.10, update to version 3.2.10 to patch the flaw and protect sensitive data. As a temporary workaround, consider restricting access to the "adicionar especie.php" endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.2.10 **Description** A SQL Injection vulnerability was identified in the WeGIA application, specifically in the `adicionar raca.php` endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw. **Recommendations** For versions prior to 3.2.10, update to version 3.2.10 to resolve the issue. As a temporary workaround, consider restricting access to the `adicionar raca.php` endpoint until the update is applied.

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.2.6 **Description** A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `editar permissoes.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `msg c` parameter. The application fails to validate and sanitize user inputs in the `msg c` parameter, permitting the injection of malicious payloads, which are reflected back to the user's browser in the server's response and executed within the context of the victim's browser. **Recommendations** For WeGIA versions prior to 3.2.6, upgrade to version 3.2.6 or later to address the vulnerability. As a temporary workaround, consider restricting access to the `editar permissoes.php` endpoint until the issue is resolved. Avoid using the `msg c` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.2.6 **Description** A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `cadastro funcionario.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `cpf` parameter. The application fails to validate and sanitize user inputs in the `cpf` parameter, permitting the injection of malicious payloads, which are reflected back to the user's browser in the server's response and executed within the context of the victim's browser. **Recommendations** For versions prior to 3.2.6, upgrade to version 3.2.6 or later to address the issue. As a temporary workaround, consider restricting access to the `cadastro funcionario.php` endpoint until the upgrade is possible. Additionally, avoid using the `cpf` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.2.6 **Description** A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar escala.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `escala` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `adicionar escala.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. **Recommendations** For versions prior to 3.2.6, upgrade to version 3.2.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the `adicionar escala.php` endpoint until the upgrade is applied. Additionally, avoid using the `escala` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.2.6 **Description** A Stored Cross-Site Scripting (XSS) issue was identified in the "adicionar situacao.php" endpoint of the WeGIA application. This issue allows attackers to inject malicious scripts into the `situacao` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `adicionar situacao.php` parameter, allowing attackers to inject malicious scripts that are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. **Recommendations** For WeGIA versions prior to 3.2.6, upgrade to version 3.2.6 to address the Stored Cross-Site Scripting (XSS) vulnerability. As a temporary workaround, consider restricting access to the "adicionar situacao.php" endpoint to minimize the risk of exploitation. Avoid using the `situacao` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.2.6 **Description** A Reflected Cross-Site Scripting (XSS) issue was identified in the `tags.php` endpoint of the WeGIA application. This issue allows attackers to inject malicious scripts in the `msg e` parameter due to the application's failure to validate and sanitize user inputs. The lack of validation permits the injection of malicious payloads, which are reflected back to the user's browser in the server's response and executed within the context of the victim's browser. **Recommendations** For versions prior to 3.2.6, upgrade to version 3.2.6 or later to address the issue. As a temporary workaround, consider restricting access to the `tags.php` endpoint until the upgrade is applied. Additionally, avoid using the `msg e` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.2.6 **Description** A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar tipo quadro horario.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `tipo` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `adicionar tipo quadro horario.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. **Recommendations** For WeGIA versions prior to 3.2.6, upgrade to version 3.2.6 to address the Stored Cross-Site Scripting (XSS) vulnerability. As a temporary workaround, consider restricting access to the `adicionar tipo quadro horario.php` endpoint until the upgrade is applied. Additionally, avoid using the `tipo` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.2.7 **Description** A Reflected Cross-Site Scripting (XSS) issue was identified in the "pre cadastro funcionario.php" endpoint of the WeGIA application. This issue allows attackers to inject malicious scripts in the `msg e` parameter due to the application's failure to validate and sanitize user inputs. The lack of validation permits the injection of malicious payloads, which are reflected back to the user's browser in the server's response and executed within the context of the victim's browser. **Recommendations** For versions prior to 3.2.7, upgrade to version 3.2.7 to address the issue. As a temporary workaround, consider restricting access to the `pre cadastro funcionario.php` endpoint until the upgrade is applied. Avoid using the `msg e` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.2.6 **Description** A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `control.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `cargo` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `control.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. **Recommendations** For versions prior to 3.2.6, upgrade to version 3.2.6 to resolve the issue. As a temporary workaround, consider restricting access to the `control.php` endpoint until the upgrade is applied. Additionally, avoid using the `cargo` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.2.6 **Description** A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `remuneracao.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `descricao` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `remuneracao.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. **Recommendations** For versions prior to 3.2.6, upgrade to version 3.2.6 to resolve the issue. As a temporary workaround, consider restricting access to the `remuneracao.php` endpoint until the upgrade is applied. Avoid using the `descricao` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.2.6 **Description** A Stored Cross-Site Scripting (XSS) issue was identified in the `adicionar alergia.php` endpoint of the WeGIA application. This issue allows attackers to inject malicious scripts into the `nome` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `adicionar alergia.php` parameter, allowing attackers to inject malicious scripts that are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. **Recommendations** For versions prior to 3.2.6, upgrade to version 3.2.6 to address the Stored Cross-Site Scripting (XSS) issue in the `adicionar alergia.php` endpoint. As a temporary workaround, consider restricting access to the `adicionar alergia.php` endpoint until the upgrade is applied. Additionally, avoid using the `nome` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.2.6 **Description** A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `informacao adicional.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `descricao` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `informacao adicional.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. **Recommendations** For versions prior to 3.2.6, upgrade to version 3.2.6 to address the issue. As a temporary workaround, consider restricting access to the `informacao adicional.php` endpoint until the upgrade is possible. Additionally, avoid using the `descricao` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.2.6 **Description** A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `dependente editarInfoPessoal.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `nome` and `SobrenomeForm` parameters. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `dependente editarInfoPessoal.php` parameters. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. **Recommendations** To resolve the issue, update to version 3.2.6 or later. As a temporary workaround, consider restricting access to the `dependente editarInfoPessoal.php` endpoint until the update is applied. Additionally, avoid using the `nome` and `SobrenomeForm` parameters in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.2.6 **Description** WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `Cadastro Atendido.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `cpf` parameter. The application fails to validate and sanitize user inputs in the `cpf` parameter. This lack of validation permits the injection of malicious payloads, which are reflected back to the user's browser in the server's response and executed within the context of the victim's browser. **Recommendations** For versions prior to 3.2.6, upgrade to version 3.2.6 to address the issue. As a temporary workaround, consider restricting access to the `Cadastro Atendido.php` endpoint or disabling the use of the `cpf` parameter until the issue is resolved. Avoid using the `cpf` parameter in the affected endpoint until the issue is resolved.