CVE-2024-53470

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Dec 5, 2024
Updated: Dec 10, 2024
CWE ID 79

Summary

CVE-2024-53470 is a newly disclosed vulnerability affecting the /configuracao/gateway_pagamento.php component of WeGIA v3.2.0. This issue permits attackers to inject and execute arbitrary web scripts or HTML through stored cross-site scripting (XSS) attacks. The vulnerability can be exploited by manipulating the id or name parameter with a specially crafted payload. Successful exploitation could lead to unauthorized access, data theft, or system compromise. Users are advised to update their WeGIA installation as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share