CVE-2025-29782

WeGIA is Web manager for charitable institutions A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_tipo_docs_atendido.php` endpoint in versions of the WeGIA application prior to 3.2.17. This vulnerability allows attackers to inject malicious scripts into the `tipo` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. Version 3.2.17 contains a patch for the issue.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/v3.2.17	Release Notes
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-5x5w-5c99-vr8h	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*

History

25 Mar 2025, 20:12

Type	Values Removed	Values Added
Summary		(es) WeGIA es un gestor web para instituciones benéficas. Se identificó una vulnerabilidad de cross-site scripting (XSS) almacenado en el endpoint `adicionar_tipo_docs_atendido.php` en versiones de la aplicación WeGIA anteriores a la 3.2.17. Esta vulnerabilidad permite a los atacantes inyectar scripts maliciosos en el parámetro `tipo`. Los scripts inyectados se almacenan en el servidor y se ejecutan automáticamente cada vez que los usuarios acceden a la página afectada, lo que supone un riesgo de seguridad significativo. La versión 3.2.17 incluye un parche para solucionar el problema.
References	~~() https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/v3.2.17 -~~	() https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/v3.2.17 - Release Notes
References	~~() https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-5x5w-5c99-vr8h -~~	() https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-5x5w-5c99-vr8h - Exploit, Vendor Advisory
CPE		cpe:2.3:a:wegia:wegia::::::::
First Time		Wegia Wegia wegia
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.4

14 Mar 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-14 19:15

Updated : 2025-03-25 20:12

NVD link : CVE-2025-29782

Mitre link : CVE-2025-29782

CVE.ORG link : CVE-2025-29782

JSON object : View

Products Affected

wegia

wegia

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

5.4 /10