CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22596 – WeGIA has a Cross-Site Scripting (XSS) Reflected endpoint 'modulos_visiveis.php' parameter'msg_c'
https://notcve.org/view.php?id=CVE-2025-22596
10 Jan 2025 — WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the modulos_visiveis.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_c parameter. This vulnerability is fixed in 3.2.8. • https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-jcj3-gqj3-rrvm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22143 – WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'listar_permissoes.php' parameter 'msg_e'
https://notcve.org/view.php?id=CVE-2025-22143
08 Jan 2025 — WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the listar_permissoes.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_e parameter. This vulnerability is fixed in 3.2.8. • https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-gxh2-8jxp-m59h • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •