First published: Fri Jan 10 2025(Updated: )
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the configuracao_doacao.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the avulso parameter. This vulnerability is fixed in 3.2.8.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Wegia Wegia | <3.2.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2025-22600 is considered to be medium due to the potential for an attacker to exploit the Reflected Cross-Site Scripting vulnerability.
To fix CVE-2025-22600, it is recommended to update the WeGIA application to version 3.2.9 or later that addresses this vulnerability.
CVE-2025-22600 can lead to unauthorized script execution in the user's browser, potentially compromising personal data and session information.
CVE-2025-22600 affects WeGIA versions up to and including 3.2.8.
CVE-2025-22600 is a Reflected Cross-Site Scripting vulnerability, allowing attackers to inject malicious scripts through the web application's parameters.