PT-2024-35751 · Wegia · Wegia

Natan Maia Morette · Published 2024-12-05 · Updated 2025-04-09 · CVE-2024-53471

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

WeGIA version 3.2.0

Description

The issue concerns multiple stored cross-site scripting (XSS) vulnerabilities in the /configuracao/meio pagamento.php component. Attackers can execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter. This could potentially lead to account takeover.

Recommendations

For WeGIA version 3.2.0, patch immediately and validate all user input to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to the /configuracao/meio pagamento.php component until a patch is available. Avoid using the id or name parameters in the affected component until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-53471

Affected Products

Wegia