Cross Site Scripting Vulnerability in LabRedesCefetRJ WeGIA 3.4.0
CVE-2025-6695

5.1MEDIUM

Key Information:

Vendor

Labredescefetrj

Status
Wegia
Vendor
CVE Published:
26 June 2025

What is CVE-2025-6695?

A cross site scripting vulnerability has been identified in the LabRedesCefetRJ WeGIA version 3.4.0, specifically in the handling of arguments within the adicionar_categoria.php file. This flaw allows attackers to craft input that will be executed in the context of a victim's browser, potentially leading to data theft, session hijacking, or redirecting users to malicious sites. The exploitation can be performed remotely, making it critical for users of this software to take immediate action to secure their applications. The vendor has been notified about this issue but has not responded publicly, increasing the urgency for users to mitigate this risk.

Affected Version(s)

WeGIA 3.4.0

References

https://vuldb.com/?id.313961
vdb-entrytechnical-description
https://vuldb.com/?ctiid.313961
signaturepermissions-required
https://vuldb.com/?submit.597071
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

RaulPACXXX (VulDB User)
.
CVE-2025-6695 : Cross Site Scripting Vulnerability in LabRedesCefetRJ WeGIA 3.4.0