Can you explain this vulnerability to me?

This vulnerability is a Stored Cross-Site Scripting (XSS) issue in WeGIA, a web manager for charitable institutions. In versions before 3.6.10, an authenticated user can inject malicious JavaScript code through the "Nome" field on the "Informações Pacientes" page. This malicious code is then stored and executed whenever the patient information is viewed.

Useful 0 Not Useful 0

How can this vulnerability impact me? :

The vulnerability allows an authenticated user to execute malicious JavaScript in the context of other users viewing patient information. This can lead to unauthorized actions or data exposure within the application. Since the CVSS score indicates high confidentiality impact, sensitive data could be compromised, although integrity and availability are not affected.

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should upgrade WeGIA to version 3.6.10 or later, as this version fixes the Stored Cross-Site Scripting (XSS) issue.

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability is a Stored Cross-Site Scripting (XSS) issue in WeGIA versions prior to 3.6.10, exploitable by an authenticated user injecting malicious JavaScript via the "Nome" field on the "Informações Pacientes" page.

To detect this vulnerability on your system, you should verify the version of WeGIA you are running. If it is earlier than 3.6.10, it is potentially vulnerable.

Since the vulnerability requires authentication and injection into a specific field, detection involves checking for suspicious or unexpected JavaScript code stored in the "Nome" field of patient information.

There are no specific commands provided in the available information to detect this vulnerability automatically.

Useful 0 Not Useful 0