Siga
Stored cross-site scripting (XSS) in projeto-siga SIGA 11.0.3.18 allows authenticated remote attackers to inject malicious scripts via the Nome/Descrição parameter in the /sigawf/app/responsavel/novo endpoint. Successful exploitation requires user interaction (UI:R) and an authenticated session (PR:L), limiting impact to information disclosure (I:L). Public exploit code is available, though exploitation remains constrained by authentication and user interaction requirements.