WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the cadastro_dependente_pessoa_nova.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the id_funcionario parameter. This vulnerability is fixed in 3.4.3.
References
Link | Resource |
---|---|
https://github.com/LabRedesCefetRJ/WeGIA/commit/8ab726c9f4d0fce7ad6c66640c3126f95f73ddd7 | Patch |
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qgrq-qjq6-h6gj | Exploit Vendor Advisory |
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qgrq-qjq6-h6gj | Exploit Vendor Advisory |
Configurations
History
10 Jul 2025, 14:56
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
First Time |
Wegia wegia
Wegia |
|
CPE | cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:* | |
References | () https://github.com/LabRedesCefetRJ/WeGIA/commit/8ab726c9f4d0fce7ad6c66640c3126f95f73ddd7 - Patch | |
References | () https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qgrq-qjq6-h6gj - Exploit, Vendor Advisory |
08 Jul 2025, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References | () https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qgrq-qjq6-h6gj - |
07 Jul 2025, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-07-07 17:15
Updated : 2025-07-10 14:56
NVD link : CVE-2025-53377
Mitre link : CVE-2025-53377
CVE.ORG link : CVE-2025-53377
JSON object : View
Products Affected
wegia
- wegia
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')