Cross-Site Scripting Vulnerability in WeGIA Product from LabRedesCefetRJ
CVE-2025-6696

5.1MEDIUM

Key Information:

Vendor

Labredescefetrj

Status
Wegia
Vendor
CVE Published:
26 June 2025

What is CVE-2025-6696?

A cross-site scripting vulnerability exists in the WeGIA 3.4.0 product, specifically in the Cadastro de Atendio component within the Cadastro_Atendido.php file. An attacker can exploit this vulnerability by manipulating the Nome/Sobrenome argument, allowing for the execution of malicious scripts. This issue is particularly concerning as it can be triggered remotely, facilitating potential attacks on unprotected users. Despite early notifications to the vendor regarding this disclosure, no response was received, leaving systems at risk.

Affected Version(s)

WeGIA 3.4.0

References

https://vuldb.com/?id.313962
vdb-entrytechnical-description
https://vuldb.com/?ctiid.313962
signaturepermissions-required
https://vuldb.com/?submit.597078
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

RaulPACXXX (VulDB User)
.
CVE-2025-6696 : Cross-Site Scripting Vulnerability in WeGIA Product from LabRedesCefetRJ