WeGIA Stored Cross-Site Scripting (XSS) vulnerability in the endpoint ‘dependente

6.4 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H

Description

WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, there is a Stored Cross-Site Scripting (XSS) vulnerability in the dependente_docdependente.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the nome parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.4.7.

Basic Information

ID CVE-2025-57762

Source GitHub_M

Published Aug 21, 2025 at 16:46

Modified Aug 21, 2025 at 17:30

Affected Product

Vendor LabRedesCefetRJ

Product WeGIA

Version < 3.4.7

Affected Versions LabRedesCefetRJ WeGIA < 3.4.7

CWE Classification

CWE-79

References

{
    "lastseen": "",
    "description": "WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, there is a Stored Cross-Site Scripting (XSS) vulnerability in the dependente_docdependente.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the nome parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.4.7.",
    "published": "2025-08-21T16:46:54.546Z",
    "modified": "2025-08-21T17:30:59.655Z",
    "type": "cve",
    "title": "WeGIA Stored Cross-Site Scripting (XSS) vulnerability in the endpoint 'dependente_docdependente.php' with parameter 'nome'",
    "source": "GitHub_M",
    "references": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-494r-43f3-p828\nhttps://github.com/LabRedesCefetRJ/WeGIA/commit/fb1ab404c564e4dce32796b4b68cd192731207f3",
    "id": "CVE-2025-57762",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "LabRedesCefetRJ WeGIA < 3.4.7",
    "sourceHref": "",
    "cvss": {
        "score": 6.4,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WeGIA",
    "version": "< 3.4.7",
    "vendor": "LabRedesCefetRJ",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

WeGIA Stored Cross-Site Scripting (XSS) vulnerability in the endpoint ‘dependente_docdependente.php’ with parameter ‘nome’_CVE-2025-57762