Cyber Posture

CVE-2024-57030

HighPublic PoC

Published: 17 January 2025

Published
17 January 2025
Modified
09 April 2025
KEV Added
Patch
CVSS Score 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0066 71.3th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-57030 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Wegia Wegia. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 28.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly mitigates XSS by validating the id parameter in /geral/documentos_funcionario.php to prevent injection of malicious scripts.

SI-15 Information Output Filtering good match
prevent

Prevents execution of injected scripts by filtering and encoding information outputs from the vulnerable endpoint.

SI-2 Flaw Remediation good match
prevent

Addresses the specific flaw in Wegia < 3.2.0 by requiring timely remediation through patching to version 3.2.0 or later.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1539 Steal Web Session Cookie Credential Access
An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.
attack.mitre.org →
Why these techniques?

The reflected XSS vulnerability enables exploitation of a public-facing web application (T1190) and facilitates stealing web session cookies from authenticated users via injected JavaScript (T1539).

NVD Description

Wegia < 3.2.0 is vulnerable to Cross Site Scripting (XSS) in /geral/documentos_funcionario.php via the id parameter.

Deeper analysisAI

Wegia versions prior to 3.2.0 contain a Cross-Site Scripting (XSS) vulnerability in the /geral/documentos_funcionario.php component, exploitable through the id parameter. Tracked as CVE-2024-57030 and published on 2025-01-17, this issue corresponds to CWE-79 and carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Remote attackers require no privileges to exploit this vulnerability over the network, though it demands high attack complexity and no user interaction. Successful exploitation enables high-impact consequences on confidentiality, integrity, and availability within the affected application.

Mitigation involves upgrading to Wegia 3.2.0 or later. Additional details, including proof-of-concept exploits, are documented in the research repository at https://github.com/nmmorette/vulnerability-research/tree/main/CVE-2024-57030, with the official project site available at https://www.wegia.org/.

Details

CWE(s)
CWE-79

Affected Products

wegia
wegia
≤ 3.2.0

CVEs Like This One

CVE-2026-23722Same product: Wegia Wegia
CVE-2026-40283Same product: Wegia Wegia
CVE-2025-22597Same product: Wegia Wegia
CVE-2026-33135Same product: Wegia Wegia
CVE-2026-33136Same product: Wegia Wegia
CVE-2025-22598Same product: Wegia Wegia
CVE-2025-22132Same product: Wegia Wegia
CVE-2025-26612Same product: Wegia Wegia
CVE-2025-26609Same product: Wegia Wegia
CVE-2024-57034Same product: Wegia Wegia

References