Key Information

Vulnerability Type: Cross-Site Scripting (XSS): Stored Cross-Site Scripting.

Vulnerability Description

Vulnerable Endpoint:
Parameters: ,
Issue: The application fails to properly validate and sanitize user input, allowing malicious scripts to be stored on the server and automatically executed when the affected page is accessed.

Proof of Concept (PoC)

Payload:
Steps:
1. Insert the payload into the parameter.
2. Save.
3. Navigate to the “Histórico” tab.

Impact

Session Cookie Theft: Attackers can steal session cookies to hijack user sessions and perform actions on behalf of the user.
Malware Download: Attackers can trick users into downloading and installing malware.
Browser Hijacking: Attackers can hijack the user’s browser or deliver browser-based exploits.
Credential Theft: Attackers can steal user credentials.
Sensitive Information Disclosure: Attackers can access sensitive information stored in user accounts or browsers.
Website Tampering: Attackers can alter website content.
User Misdirection: Attackers can manipulate instructions for website visitors, misleading their behavior.
Reputation Damage: Attackers can damage the organization’s reputation by defacing company websites or spreading false information.

References

CVE-2025-8786
VulnDB-319314
i-diario – Official Repository

Discoverer

Marcelo Queiroz
CVE-Hunters
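The Issue paragraph above describes the root cause of a stored XSS: text saved by one request is later written into a page without output encoding. The following Ruby snippet is an added illustration, not code from the i-diario project or from the advisory; Ruby is used because i-diario is a Ruby on Rails application. The endpoint, parameter and payload are not given in the advisory, so the "history note" field and the sample text are constructed assumptions. It shows the unsafe rendering pattern next to the hardened one (HTML-encoding at output time) and a small check a reviewer can run over rendered fragments.

```ruby
require "erb"

# Constructed sample of a stored free-text value, standing in for whichever
# field the advisory's (unnamed) parameter maps to. The markup is a harmless
# marker used only to show whether encoding happened.
SAMPLE_NOTE = "Aluno faltou. <script>evil()</script>"

# Unsafe pattern: the stored text is interpolated verbatim into HTML, so any
# markup that was saved is interpreted by the browser of everyone who later
# opens the page (the "automatically executed" behaviour described above).
def render_history_unsafe(note)
  "<li class=\"history-entry\">#{note}</li>"
end

# Hardened pattern: HTML-encode at output time. ERB::Util.html_escape turns
# <, >, &, " and ' into entities, so the browser shows the text literally
# regardless of what was stored. Encoding on output is the control that holds
# even when input validation was missed or bypassed.
def render_history_safe(note)
  "<li class=\"history-entry\">#{ERB::Util.html_escape(note)}</li>"
end

# Reviewer check: does a rendered fragment still carry an unencoded <script
# tag? Useful when auditing templates or a captured response.
def contains_active_script?(html)
  html.match?(/<script\b/i)
end

if __FILE__ == $PROGRAM_NAME
  puts "unsafe: #{render_history_unsafe(SAMPLE_NOTE)}"
  puts "safe:   #{render_history_safe(SAMPLE_NOTE)}"
end
```

In Rails ERB views, `<%= value %>` already applies this encoding by default; the unsafe case arises when a template marks stored data as trusted with `raw`, `html_safe` or `<%== %>`, or builds HTML by string concatenation as in `render_history_unsafe`. Searching templates for those constructs around the affected tab is the quickest way to locate the sink; a Content-Security-Policy that disallows inline scripts reduces the impact of any sink that is missed.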