Key Information

Vulnerability Title
WeGIA Web Gerenciador 3.4.0 Persistent Cross-Site Scripting (XSS)

Vulnerability Description
A persistent cross-site scripting (XSS) vulnerability was discovered in the WeGIA system, specifically within the unit registration process in the Materials and Assets module. This vulnerability allows attackers to inject malicious JavaScript code into the unit name field. The code is stored in the database and executed when the terminal user registration interface is accessed. The script will run in the browser context of any user interacting with the page, potentially leading to session hijacking, unauthorized requests, or other authentication attacks. The lack of proper validation or sanitization constitutes a critical security flaw that compromises application integrity and user safety.

Steps
1. Log in to the platform.
2. Navigate to “Material > Patrimonio > Entrada > Registrar Entrada”.
3. On the page , click the “+” button under the “Produto” tab.
4. On the page , click the “+” button under the “Unidade” tab.
5. On the page , register a new unit using the following XSS payload: Then click the “Enviar” button to submit the form.
6. The payload will be stored in the system and executed each time the page is loaded, confirming the presence of a persistent cross-site scripting (XSS) vulnerability.

Source
https://github.com/RaifPereiraexss/PucVulnDb
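
Mitigation sketch for the missing validation and sanitization described above. This is an added example, not WeGIA's own code. The function names, the `id`/`nome` column names and the assumption that unit names are rendered as `<option>` elements are all hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: WeGIA's real controllers and DAO classes are not shown on the page.

/** Input side: accept only letters, digits, spaces and a few unit symbols (1-50 chars). */
function validate_unit_name(string $name): string
{
    $name = trim($name);
    if (!preg_match('/^[\p{L}\p{N} .,%\/-]{1,50}$/u', $name)) {
        throw new InvalidArgumentException('invalid unit name');
    }
    return $name;
}

/** Output side: encode for HTML text and quoted-attribute contexts. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render stored units; every database value is encoded, even if it was validated on input. */
function render_unit_options(array $units): string
{
    $html = '';
    foreach ($units as $u) {
        $html .= sprintf("<option value=\"%d\">%s</option>\n", (int) $u['id'], e((string) $u['nome']));
    }
    return $html;
}

// Constructed sample rows; the second simulates a value stored before validation existed.
$units = [
    ['id' => 1, 'nome' => 'Caixa'],
    ['id' => 2, 'nome' => 'Kg <b>"teste"</b> & cia'],
];
echo render_unit_options($units); // markup in row 2 is emitted as &lt;b&gt;..., not as tags

try {
    validate_unit_name('Kg <b>"teste"</b>'); // rejected: contains < > "
} catch (InvalidArgumentException $ex) {
    echo 'rejected: ', $ex->getMessage(), "\n";
}
```

Output encoding is the control that stops execution of values already stored in the database; input validation only limits what gets stored from now on.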