Reflected XSS Vulnerability in WeGIA Web Manager for Charitable Institutions
CVE-2025-22139

6.1 MEDIUM

Key Information:

Vendor

WeGIA

Status
Vendor
CVE Published:
8 January 2025

What is CVE-2025-22139?

A Reflected Cross-Site Scripting vulnerability was discovered in the WeGIA web manager, specifically in the configuracao_geral.php endpoint. The endpoint reflects the msg_c parameter, which lets attackers inject arbitrary JavaScript code through it, potentially compromising user sessions or redirecting users to malicious sites. The vulnerability has been addressed in version 3.2.8 of the application, and immediate updates are recommended to ensure system integrity and user safety.
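For defenders who want to check whether the endpoint was probed before the upgrade, the following is an added example (not WeGIA code and not part of the original advisory) that scans web server access logs for requests to configuracao_geral.php whose msg_c value decodes to HTML or script markup. The log lines, the /html/ path prefix and the matching heuristic are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

ENDPOINT = "configuracao_geral.php"  # endpoint named in the advisory
PARAM = "msg_c"                      # reflected parameter named in the advisory
# Heuristic (assumption): markup a status message should never carry.
SUSPICIOUS = re.compile(r"<\s*/?\s*[a-z!]|\bon[a-z]+\s*=|javascript\s*:", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (combined log format); paths and addresses are made up.
SAMPLE_LOG = [
    '198.51.100.4 - - [10/Jan/2025:10:02:11 +0000] "GET /html/configuracao_geral.php?msg_c=Saved+successfully HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Jan/2025:10:03:40 +0000] "GET /html/configuracao_geral.php?msg_c=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5164',
    '203.0.113.7 - - [10/Jan/2025:10:03:52 +0000] "GET /html/configuracao_geral.php?msg_c=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 5188',
    '203.0.113.7 - - [10/Jan/2025:10:04:05 +0000] "GET /html/home.php?msg_c=%3Cb%3Ehi%3C%2Fb%3E HTTP/1.1" 200 900',
]

def decode_fully(value, rounds=3):
    """Undo nested URL-encoding (%253C -> %3C -> <), bounded to a few rounds."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_msg_c(line):
    """Return the decoded msg_c value if the line targets the endpoint with markup, else None."""
    match = REQUEST.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.endswith("/" + ENDPOINT):
        return None
    for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        value = decode_fully(raw)  # parse_qs already decoded one layer
        if SUSPICIOUS.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged line, 1-indexed."""
    hits = [(n, suspicious_msg_c(line)) for n, line in enumerate(lines, start=1)]
    return [(n, value) for n, value in hits if value is not None]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: {PARAM} carries markup: {value!r}")
```

Access logs record only the query string, so a value sent in a request body would not appear here; a hit indicates a probe, not that a user's browser executed anything.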

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published