First published: Fri Jan 10 2025(Updated: )
WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the cadastrarSocio.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the local_recepcao parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.2.8.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Wegia Wegia | <3.2.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-22598 has a high severity rating due to its potential for exploitation via stored cross-site scripting.
To fix CVE-2025-22598, update the WeGIA application to a version higher than 3.2.8 and ensure proper input validation is implemented.
CVE-2025-22598 can enable attackers to execute malicious scripts in the context of a user's session, leading to data theft or session hijacking.
The cadastrarSocio.php endpoint of the WeGIA application is the specific component affected by CVE-2025-22598.
Users interacting with the WeGIA application, particularly those using versions up to 3.2.8, are at risk from CVE-2025-22598.