CVE-2024-57030

8.1 HIGH

📋 TL;DR

Wegia versions below 3.2.0 contain a cross-site scripting vulnerability in the employee documents page that allows attackers to inject malicious scripts via the 'id' parameter. This affects all users of Wegia web applications running vulnerable versions. Attackers can execute arbitrary JavaScript in victims' browsers when they access manipulated URLs.

💻 Affected Systems

Products:
  • Wegia
Versions: All versions < 3.2.0
Operating Systems: Any
Default Config Vulnerable: ⚠️ Yes
Notes: Requires access to the /geral/documentos_funcionario.php endpoint, typically accessible to authenticated users.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete account takeover, session hijacking, credential theft, or malware delivery to authenticated users accessing the vulnerable page.

🟠 Likely Case

Session hijacking or credential theft from authenticated users who click malicious links containing the XSS payload.

🟢 If Mitigated

Limited impact with proper input validation, output encoding, and Content Security Policy (CSP) headers in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting malicious URLs with JavaScript payloads in the 'id' parameter and tricking users into visiting them.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.0

Vendor Advisory: https://www.wegia.org/

Restart Required: No

Instructions:

1. Download Wegia version 3.2.0 or later from the official website.
2. Back up the current installation and database.
3. Replace files with the patched version.
4. Verify functionality.

🔧 Temporary Workarounds

Input Validation Filter (all)

Add server-side validation to sanitize the 'id' parameter before processing: modify /geral/documentos_funcionario.php to validate the 'id' parameter as numeric only.

Output Encoding (all)

Apply proper HTML encoding to user-controlled data before rendering in the document: implement htmlspecialchars() or equivalent encoding for the 'id' parameter output.

🧯 If You Can't Patch

  • Implement Web Application Firewall (WAF) rules to block XSS payloads in URL parameters.
  • Deploy Content Security Policy (CSP) headers to restrict script execution sources.

🔍 How to Verify

Check if Vulnerable:

Test by accessing /geral/documentos_funcionario.php?id=<script>alert('XSS')</script> and checking whether the script executes.

Check Version:

Check Wegia version in admin panel or configuration files.

Verify Fix Applied:

After patching, test the same payload; script should not execute and input should be properly sanitized.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /geral/documentos_funcionario.php with script tags or JavaScript in 'id' parameter
  • Unusual length or character patterns in 'id' parameter values

Network Indicators:

  • HTTP requests containing <script> tags or JavaScript functions in URL parameters

SIEM Query:

source="web_logs" AND uri_path="/geral/documentos_funcionario.php" AND (query_string="*<script>*" OR query_string="*javascript:*")
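The SIEM query above as runnable detection logic, added here as an example (not from the advisory or the Wegia project): it scans constructed sample access-log lines for requests to the affected endpoint, decodes percent-encoded 'id' values (which a literal `*<script>*` wildcard match would miss), and also flags any non-numeric 'id', since the page's own workaround says the parameter should be numeric only. The log format and sample lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample log lines in combined-log style (not real traffic).
SAMPLE_LOGS = [
    '10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /geral/documentos_funcionario.php?id=42 HTTP/1.1" 200 1532',
    '10.0.0.6 - - [01/Jan/2025:10:00:01 +0000] "GET /geral/documentos_funcionario.php?id=<script>alert(\'XSS\')</script> HTTP/1.1" 200 1601',
    '10.0.0.7 - - [01/Jan/2025:10:00:02 +0000] "GET /geral/documentos_funcionario.php?id=%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 200 1601',
    '10.0.0.8 - - [01/Jan/2025:10:00:03 +0000] "GET /geral/documentos_funcionario.php?id=javascript:alert(1) HTTP/1.1" 200 1601',
    '10.0.0.9 - - [01/Jan/2025:10:00:04 +0000] "GET /index.php?id=<script>x</script> HTTP/1.1" 200 800',
]

TARGET_PATH = "/geral/documentos_funcionario.php"   # endpoint named in the advisory
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Same two patterns as the SIEM query, but case-insensitive and whitespace-tolerant.
SCRIPT_RE = re.compile(r"<\s*script|javascript\s*:", re.IGNORECASE)


def suspicious_id(value):
    """Return a reason string if the 'id' value is suspicious, else None."""
    # parse_qsl already decoded once; decode again to catch double-encoding.
    decoded = unquote(value)
    if re.fullmatch(r"\d+", decoded):
        return None                      # the only legitimate shape per the workaround
    if SCRIPT_RE.search(decoded):
        return "script-pattern"
    return "non-numeric"


def scan_log_line(line):
    """Return a hit dict for a suspicious request to the affected page, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path != TARGET_PATH:
        return None
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key == "id":
            reason = suspicious_id(value)
            if reason:
                return {"client": line.split()[0], "id": value, "reason": reason}
    return None


def scan_logs(lines):
    """Run scan_log_line over every line and collect the hits."""
    return [hit for hit in (scan_log_line(l) for l in lines) if hit]


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print(hit)
```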
