CVE-2025-30363

WeGIA is a Web manager for charitable institutions. A stored Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.2.6. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious code is permanently stored on the server and executed whenever a compromised page is loaded, affecting all users accessing this page. Version 3.2.6 fixes the issue.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qhfm-2qfp-h4m3	Exploit Vendor Advisory
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qhfm-2qfp-h4m3	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*

History

10 Apr 2025, 15:09

Type	Values Removed	Values Added
First Time		Wegia Wegia wegia
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.4
Summary		(es) WeGIA es un gestor web para instituciones benéficas. Se identificó una vulnerabilidad de cross-site scripting (XSS) almacenado en versiones anteriores a la 3.2.6. Esta vulnerabilidad permite la ejecución de scripts no autorizados en el navegador del usuario. El XSS almacenado es especialmente crítico, ya que el código malicioso se almacena permanentemente en el servidor y se ejecuta cada vez que se carga una página comprometida, afectando a todos los usuarios que acceden a ella. La versión 3.2.6 corrige el problema.
References	~~() https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qhfm-2qfp-h4m3 -~~	() https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qhfm-2qfp-h4m3 - Exploit, Vendor Advisory
CPE		cpe:2.3:a:wegia:wegia::::::::

27 Mar 2025, 19:15

Type	Values Removed	Values Added
References	~~() https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qhfm-2qfp-h4m3 -~~	() https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qhfm-2qfp-h4m3 -

27 Mar 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-27 17:15

Updated : 2025-04-10 15:09

NVD link : CVE-2025-30363

Mitre link : CVE-2025-30363

CVE.ORG link : CVE-2025-30363

JSON object : View

Products Affected

wegia

wegia

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

5.4 /10