Unrated severityNVD Advisory· Published Aug 21, 2025· Updated Aug 21, 2025

WeGIA Stored Cross-Site Scripting (XSS) vulnerability in the endpoint 'dependente_docdependente.php' with parameter 'nome'

CVE-2025-57762

Description

WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, there is a Stored Cross-Site Scripting (XSS) vulnerability in the dependente_docdependente.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the nome parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.4.7.

Affected products

LabRedesCefetRJ/Wegiav5
Range: < 3.4.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/LabRedesCefetRJ/WeGIA/commit/fb1ab404c564e4dce32796b4b68cd192731207f3mitrex_refsource_MISC
github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-494r-43f3-p828mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000