CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23038 – Cross-Site Scripting (XSS) Stored endpoint 'remuneracao.php ' parameter 'descricao' in WeGIA
https://notcve.org/view.php?id=CVE-2025-23038
13 Jan 2025 — WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `remuneracao.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `descricao` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to pro... • https://github.com/LabRedesCefetRJ/WeGIA/commit/0d81074c6fc0470373ecc85738f47b83357a0a7e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23030 – Cross-Site Scripting (XSS) Reflected endpoint 'cadastro_funcionario.php' parameter 'cpf' in WeGIA
https://notcve.org/view.php?id=CVE-2025-23030
13 Jan 2025 — WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `cadastro_funcionario.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `cpf` parameter. The application fails to validate and sanitize user inputs in the `cpf` parameter. This lack of validation permits the injection of malicious payloads, which are reflected back to th... • https://github.com/LabRedesCefetRJ/WeGIA/commit/420b88e7aceed53c42e9eff7d21beee8465f93b8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23031 – Cross-Site Scripting (XSS) Stored endpoint 'adicionar_alergia.php' parameter 'nome' in WeGIA
https://notcve.org/view.php?id=CVE-2025-23031
13 Jan 2025 — WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_alergia.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `nome` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to pr... • https://github.com/LabRedesCefetRJ/WeGIA/commit/f35910cb8b9205a6f038ef1e8b3413ea8eee850b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23032 – Cross-Site Scripting (XSS) Stored endpoint 'adicionar_escala.php' parameter 'escala' in WeGIA
https://notcve.org/view.php?id=CVE-2025-23032
13 Jan 2025 — WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_escala.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `escala` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to p... • https://github.com/LabRedesCefetRJ/WeGIA/commit/09affa8ae0dc5f385907137302f7e3d4636147b0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23033 – Cross-Site Scripting (XSS) Stored endpoint 'adicionar_situacao.php' parameter 'situacao' in WeGIA
https://notcve.org/view.php?id=CVE-2025-23033
13 Jan 2025 — WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_situacao.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `situacao` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails ... • https://github.com/LabRedesCefetRJ/WeGIA/commit/e6bfae095258e1200192f15bea68a933e9f310b9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23034 – Cross-Site Scripting (XSS) Reflected endpoint 'tags.php' parameter 'msg_e' in WeGIA
https://notcve.org/view.php?id=CVE-2025-23034
13 Jan 2025 — WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `tags.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `msg_e` parameter. The application fails to validate and sanitize user inputs in the `msg_e` parameter. This lack of validation permits the injection of malicious payloads, which are reflected back to the user's bro... • https://github.com/LabRedesCefetRJ/WeGIA/commit/8a37021417d9c55e61392b3cc52baa3c73102bab • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23035 – Cross-Site Scripting (XSS) Stored endpoint 'adicionar_tipo_quadro_horario.php' parameter 'tipo' in WeGIA
https://notcve.org/view.php?id=CVE-2025-23035
13 Jan 2025 — WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_tipo_quadro_horario.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `tipo` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application... • https://github.com/LabRedesCefetRJ/WeGIA/commit/673d7a36baebb1a0093f421cfd51e3df8a55c84a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23036 – Cross-Site Scripting (XSS) Reflected endpoint 'pre_cadastro_funcionario.php' parameter 'msg_e' in WeGIA
https://notcve.org/view.php?id=CVE-2025-23036
13 Jan 2025 — WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `pre_cadastro_funcionario.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `msg_e` parameter. The application fails to validate and sanitize user inputs in the `msg_e` parameter. This lack of validation permits the injection of malicious payloads, which are reflected ba... • https://github.com/LabRedesCefetRJ/WeGIA/commit/8369b75f88e64916151e5413a8b7d517d438d7a9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23037 – Cross-Site Scripting (XSS) Stored endpoint 'control.php' parameter 'cargo' in WeGIA
https://notcve.org/view.php?id=CVE-2025-23037
13 Jan 2025 — WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `control.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `cargo` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly va... • https://github.com/LabRedesCefetRJ/WeGIA/commit/3e4d5a3302164617314edfd6dfdef063dc255cbd • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22613 – WeGIA Cross-Site Scripting (XSS) Stored endpoint 'informacao_adicional.php' parameter 'descricao'
https://notcve.org/view.php?id=CVE-2025-22613
13 Jan 2025 — WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `informacao_adicional.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `descricao` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fai... • https://github.com/LabRedesCefetRJ/WeGIA/commit/d47412372d94dc3ca26e6416b8315895c61224fa • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •