WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, there is a Reflected Cross-Site Scripting (XSS) vulnerability in the insere_despacho.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the cpf sccs. This vulnerability is fixed in 3.4.7.
References
Link | Resource |
---|---|
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-67w3-jf96-f754 | Exploit Vendor Advisory |
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-67w3-jf96-f754 | Exploit Vendor Advisory |
Configurations
History
22 Aug 2025, 21:11
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:* | |
First Time |
Wegia wegia
Wegia |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
References | () https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-67w3-jf96-f754 - Exploit, Vendor Advisory |
22 Aug 2025, 18:08
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
21 Aug 2025, 18:15
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-67w3-jf96-f754 - |
21 Aug 2025, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-08-21 17:15
Updated : 2025-08-22 21:11
NVD link : CVE-2025-57763
Mitre link : CVE-2025-57763
CVE.ORG link : CVE-2025-57763
JSON object : View
Products Affected
wegia
- wegia
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')