Wagner Dracha

**Name of the Vulnerable Software and Affected Versions** Portal do Software Publico Brasileiro i3geo version 7.0.5 **Description** The issue is a cross-site scripting (XSS) vulnerability. It was discovered via the svg2img.php file. **Recommendations** For version 7.0.5, consider disabling access to the svg2img.php file as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Portal do Software Publico Brasileiro i3geo version 7.0.5 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability was discovered via the access token.php file. Cross-site scripting (XSS) is a type of security vulnerability that allows an attacker to inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For version 7.0.5, consider restricting access to the access token.php file until a patch is available. As a temporary workaround, avoid using the access token.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Portal do Software Publico Brasileiro i3geo version 7.0.5 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability was discovered via the request token.php file, which suggests it may be related to the handling of request tokens. Cross-site scripting (XSS) is a type of security vulnerability that can allow an attacker to inject malicious scripts into a website, potentially leading to unauthorized access or control of user sessions. **Recommendations** For version 7.0.5, consider restricting access to the request token.php file until a patch is available. As a temporary workaround, disabling the execution of scripts from this file may help mitigate the risk of exploitation.