Stored Cross-Site Scripting Vulnerability in WeGIA Web Manager
CVE-2025-57762

6.4MEDIUM

Key Information:

Vendor: Labredescefetrj
Status: Wegia
Vendor: CVE Published:; 21 August 2025

🔔 Create Labredescefetrj Vulnerability Alert

What is CVE-2025-57762?

The WeGIA web management application for charitable institutions has a vulnerability present in its dependente_docdependente.php endpoint prior to version 3.4.7. This Stored Cross-Site Scripting (XSS) flaw permits an attacker to inject harmful scripts via the nome parameter. Such malicious scripts can be stored on the server and executed whenever users access the affected pages, which creates serious security implications for end-users. The issue has been addressed in version 3.4.7 of the application.

Affected Version(s)

WeGIA < 3.4.7

References

https://github.com/LabRedesCefetRJ/WeGIA/security/advisor...

x_refsource_CONFIRM

https://github.com/LabRedesCefetRJ/WeGIA/commit/fb1ab404c...

x_refsource_MISC

CVSS V4

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 21, 2025
Vulnerability Reserved
Aug 19, 2025