CVE-2025-57763

WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, there is a Reflected Cross-Site Scripting (XSS) vulnerability in the insere_despacho.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the cpf sccs. This vulnerability is fixed in 3.4.7.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*

History

22 Aug 2025, 21:11

Type Values Removed Values Added
CPE cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*
First Time Wegia wegia
Wegia
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
References () https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-67w3-jf96-f754 - () https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-67w3-jf96-f754 - Exploit, Vendor Advisory

22 Aug 2025, 18:08

Type Values Removed Values Added
Summary
  • (es) WeGIA es un gestor web para instituciones benéficas. En versiones anteriores a la 3.4.7, existía una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en el endpoint insere_despacho.php de la aplicación WeGIA. Esta vulnerabilidad permitía a los atacantes inyectar scripts maliciosos en el archivo cpf sccs. Esta vulnerabilidad se corrigió en la 3.4.7.

21 Aug 2025, 18:15

Type Values Removed Values Added
References () https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-67w3-jf96-f754 - () https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-67w3-jf96-f754 -

21 Aug 2025, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-08-21 17:15

Updated : 2025-08-22 21:11


NVD link : CVE-2025-57763

Mitre link : CVE-2025-57763

CVE.ORG link : CVE-2025-57763


JSON object : View

Products Affected

wegia

  • wegia
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')