CVE-2022-34094

Name of the Vulnerable Software and Affected Versions Portal do Software Publico Brasileiro i3geo version 7.0.5

Description The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability was discovered via the request token.php file, which suggests it may be related to the handling of request tokens. Cross-site scripting (XSS) is a type of security vulnerability that can allow an attacker to inject malicious scripts into a website, potentially leading to unauthorized access or control of user sessions.

Recommendations For version 7.0.5, consider restricting access to the request token.php file until a patch is available. As a temporary workaround, disabling the execution of scripts from this file may help mitigate the risk of exploitation.