CVE-2025-53377

WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the cadastro_dependente_pessoa_nova.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the id_funcionario parameter. This vulnerability is fixed in 3.4.3.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*

History

10 Jul 2025, 14:56

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
First Time Wegia wegia
Wegia
CPE cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*
References () https://github.com/LabRedesCefetRJ/WeGIA/commit/8ab726c9f4d0fce7ad6c66640c3126f95f73ddd7 - () https://github.com/LabRedesCefetRJ/WeGIA/commit/8ab726c9f4d0fce7ad6c66640c3126f95f73ddd7 - Patch
References () https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qgrq-qjq6-h6gj - () https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qgrq-qjq6-h6gj - Exploit, Vendor Advisory

08 Jul 2025, 14:15

Type Values Removed Values Added
Summary
  • (es) WeGIA es un gestor web para instituciones benéficas. Se identificó una vulnerabilidad de Cross-Site Scripting (XSS) Reflejado en el endpoint cadastro_dependente_pessoa_nova.php de la aplicación WeGIA. Esta vulnerabilidad permite a los atacantes inyectar scripts maliciosos en el parámetro id_funcionario. Esta vulnerabilidad se corrigió en la versión 3.4.3.
References () https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qgrq-qjq6-h6gj - () https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qgrq-qjq6-h6gj -

07 Jul 2025, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-07-07 17:15

Updated : 2025-07-10 14:56


NVD link : CVE-2025-53377

Mitre link : CVE-2025-53377

CVE.ORG link : CVE-2025-53377


JSON object : View

Products Affected

wegia

  • wegia
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')