First published: Fri Jan 10 2025(Updated: )
WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the CobrancaController.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the local_recepcao parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.2.8.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Wegia Wegia | <3.2.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2025-22597 is classified as high due to its potential to allow attackers to execute malicious scripts.
To fix CVE-2025-22597, sanitize and validate the 'local_recepcao' parameter in the CobrancaController.php endpoint to prevent stored XSS.
CVE-2025-22597 affects WeGIA versions up to 3.2.8 exclusively.
CVE-2025-22597 is classified as a Stored Cross-Site Scripting (XSS) vulnerability.
The vulnerability is located in the CobrancaController.php endpoint of the WeGIA application.