Stored Cross-Site Scripting Vulnerabilities in WeGIA Payment Gateway
CVE-2024-53470

Currently unrated

Key Information:

Vendor: WeGIA
Status: WeGIA
Vendor: CVE Published:; 5 December 2024

What is CVE-2024-53470?

WeGIA version 3.2.0 contains multiple stored cross-site scripting vulnerabilities in the /configuracao/gateway_pagamento.php component. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML by injecting malicious payloads through the id or name parameters. This could potentially lead to unauthorized access, user data compromise, or other malicious activities if exploited.

References

https://www.wegia.org

https://github.com/nilsonmori/WeGIA

https://github.com/nmmorette/vulnerability-research/blob/...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 5, 2024
Vulnerability Reserved
Nov 20, 2024