CVE-2025-54077

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 in the `personalizacao.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `err` parameter. Version 3.4.6 fixes the issue.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-4g9x-whv2-3xr4
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-4g9x-whv2-3xr4

Configurations

No configuration.

History

22 Jul 2025, 16:15

Type	Values Removed	Values Added
References	~~() https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-4g9x-whv2-3xr4 -~~	() https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-4g9x-whv2-3xr4 -

22 Jul 2025, 13:06

Type	Values Removed	Values Added
Summary		(es) WeGIA es un gestor web de código abierto centrado en el idioma portugués y las instituciones benéficas. Se identificó una vulnerabilidad de Cross-Site Scripting (XSS) Reflejado versiones anteriores a la 3.4.6 en el endpoint `personalizacao.php` de la aplicación WeGIA. Esta vulnerabilidad permite a los atacantes inyectar scripts maliciosos en el parámetro `err`. La versión 3.4.6 corrige el problema.

18 Jul 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-18 16:15

Updated : 2025-07-22 16:15

NVD link : CVE-2025-54077

Mitre link : CVE-2025-54077

CVE.ORG link : CVE-2025-54077

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.5 /10