CVE-2024-53471
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-53471 is a stored cross-site scripting (XSS) vulnerability affecting the component /configuracao/meio_pagamento.php in WeGIA v3.2.0. An attacker can exploit this flaw by injecting a malicious payload into the id or name parameter, which is then stored in the application. Upon subsequent access to the affected page, the injected script is executed in the context of the victim, potentially allowing the attacker to steal sensitive information or take control of the user's session. This issue poses a significant risk to users of the WeGIA software and requires immediate mitigation.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.