← back
CVE-2025-53526

WeGIA allows Stored XSS attacks in novo_memorando.php

CVSS 2 LOWEPSS 0.2%CWE-79
WeGIA is a web manager for charitable institutions. An XSS Injection vulnerability was identified in novo_memorando.php. After the memo was submitted, the vulnerability was confirmed by accessing listar_memorandos_antigos.php. Upon loading this page, the injected script was executed in the browser. This vulnerability is fixed in 3.4.3.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
Affected products
LabRedesCefetRJ · WeGIA

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/LabRedesCefetRJ/WeGIA/commit/f8cf5d0473334e6c28ea7f604da11ee2a7b419dfhttps://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-46fm-hx2r-69fg