CVE-2025-53526
WeGIA allows Stored XSS attacks in novo_memorando.php
Public Exploits: 0
Exploited in Wild: -
Descriptions
WeGIA is a web manager for charitable institutions. An XSS Injection vulnerability was identified in novo_memorando.php.
After the memo was submitted, the vulnerability was confirmed by accessing listar_memorandos_antigos.php. Upon loading this page, the injected script was executed in the browser. This vulnerability is fixed in 3.4.3.
SSVC
- Decision: Track*
Timeline
- 2025-07-02 CVE Reserved
- 2025-07-07 CVE Published
- 2025-07-07 CVE Updated
- 2025-07-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (2)
URL | Tag | Source |
---|---|---|
https://github.com/LabRedesCefetRJ/WeGIA/commit/f8cf5d0473334e6c28ea7f604da11ee2a7b419df | X_refsource_misc | |
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-46fm-hx2r-69fg | X_refsource_confirm | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
LabRedesCefetRJ | WeGIA | < 3.4.3 | en | Affected |