Stored XSS Vulnerability in WeGIA Web Application Affecting Charitable Institutions
CVE-2025-22618
What is CVE-2025-22618?
The WeGIA web management application, which primarily supports Portuguese-speaking charitable institutions, is vulnerable to a Stored Cross-Site Scripting (XSS) flaw. The vulnerability exists in the adicionar_cargo.php endpoint, where inadequate input validation allows attackers to inject harmful scripts through the cargo parameter. Once the scripts are submitted, they are saved on the server and automatically executed whenever the affected page is accessed by any user, leading to potential compromise of user data and system integrity. Users are urged to upgrade to version 3.2.6 or higher, as there are no known workarounds for this issue.
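As an added illustration (not WeGIA's source code, which this page does not show), the PHP sketch below pairs input validation of a cargo value with HTML encoding at output, the two controls whose absence makes a stored XSS possible. The function names, the allowed-character rule and the sample rows are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Added illustration; not WeGIA source code. Function names and the
// validation rule are assumptions made for this sketch.

/** Input-side check for a job-title ("cargo") value before it is stored. */
function validate_cargo(string $raw): ?string
{
    $value = trim($raw);
    // Assumed rule: 1-100 letters, marks, digits, spaces and . ' ( ) / -
    if (preg_match('/^[\p{L}\p{M}\p{N} .\'()\/-]{1,100}$/u', $value) !== 1) {
        return null; // reject outright instead of trying to strip markup
    }
    return $value;
}

/** Output-side encoding, applied every time a stored value is written into HTML. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render stored cargos as <option> elements (hypothetical page fragment). */
function render_cargo_options(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $html .= sprintf(
            "<option value=\"%d\">%s</option>\n",
            (int) $row['id'],
            h((string) $row['cargo'])
        );
    }
    return $html;
}

// Constructed sample rows: one legitimate title and one value containing
// markup, as could already sit in the table from before the upgrade.
$stored = [
    ['id' => 1, 'cargo' => 'Coordenador(a) de Voluntários'],
    ['id' => 2, 'cargo' => '<script>alert(1)</script>'],
];

// Encoding at output makes row 2 display as text instead of running as script.
echo render_cargo_options($stored);

// Validation at input accepts the plain title and rejects the markup value.
var_dump(validate_cargo('Assistente Social'));
var_dump(validate_cargo('<script>alert(1)</script>'));
```

Output encoding is the control that also covers values stored before the upgrade; input validation only stops new ones from being saved.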

