Stored Cross-Site Scripting Vulnerability in WeGIA by LabRedesCefetRJ
CVE-2025-22613
6.4 MEDIUM
Key Information:
- Vendor: Labredescefetrj
- Status
- Wegia
- Vendor
- CVE Published: 13 January 2025
Summary
WeGIA, an open source web management application targeting Portuguese-speaking charitable institutions, is vulnerable to Stored Cross-Site Scripting (XSS). The flaw exists in the informacao_adicional.php endpoint where user input is not properly validated or sanitized. This allows attackers to inject malicious scripts through the descricao parameter, which are then stored on the server. When the affected page is accessed, these scripts execute in the browsers of users, potentially leading to data theft and system compromise. Users are strongly advised to update to version 3.2.6 to mitigate this security risk, as there are no known workarounds.
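The store-then-render pattern described above, shown as an added example with the unencoded output next to the encoded one. This is not WeGIA source code and not the 3.2.6 patch; the table, function names and sample value are hypothetical, and only the descricao field name comes from the advisory.

```php
<?php
declare(strict_types=1);

// Hypothetical storage: an in-memory SQLite table standing in for the
// application's database. This is not WeGIA's schema.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE info (id INTEGER PRIMARY KEY, descricao TEXT NOT NULL)');

// Input-side check: bound the size and reject control characters.
// This narrows what can be stored but is not the XSS fix by itself,
// because markup characters are legitimate in free text.
function validateDescricao(string $raw): string
{
    $value = trim($raw);
    if ($value === '' || strlen($value) > 255) {
        throw new InvalidArgumentException('descricao must be 1-255 bytes');
    }
    if (preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', $value)) {
        throw new InvalidArgumentException('descricao contains control characters');
    }
    return $value;
}

function storeDescricao(PDO $pdo, string $raw): void
{
    // Bound parameter keeps the value out of the SQL text.
    $stmt = $pdo->prepare('INSERT INTO info (descricao) VALUES (:d)');
    $stmt->execute([':d' => validateDescricao($raw)]);
}

// Before: the stored value is concatenated into the page unchanged,
// so any markup it contains is parsed by the viewer's browser.
function renderUnsafe(string $descricao): string
{
    return '<td>' . $descricao . '</td>';
}

// After: encode for the HTML body context at output time.
function renderSafe(string $descricao): string
{
    return '<td>' . htmlspecialchars($descricao, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</td>';
}

// Constructed sample value containing markup.
storeDescricao($pdo, '<script>/* constructed sample */</script>');
foreach ($pdo->query('SELECT descricao FROM info') as $row) {
    echo 'unsafe: ', renderUnsafe($row['descricao']), PHP_EOL;
    echo 'safe:   ', renderSafe($row['descricao']), PHP_EOL;
}
```

The encoding call is specific to HTML element content; values placed into attributes, URLs or inline JavaScript need the encoder for that context.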
Affected Version(s)
WeGIA < 3.2.6
CVSS V4
Score: 6.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown
Timeline
Vulnerability published
Vulnerability Reserved