5.4

CVE-2025-62178

Exploit

WeGIA Cross-Site Scripting (XSS) Reflected endpoint '/html/atendido/cadastro_atendido_parentesco_pessoa_nova.php' parameter 'idatendido'

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the /html/atendido/cadastro_atendido_parentesco_pessoa_nova.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the idatendido parameter. This vulnerability is fixed in 3.5.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WegiaWegia Version < 3.5.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.115
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.4 2.3 2.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
security-advisories@github.com 3.5 0.9 2.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-fj32-779r-28qv
Vendor Advisory
Exploit
https://github.com/LabRedesCefetRJ/WeGIA/issues/1181
Vendor Advisory
Issue Tracking
Mitigation
https://github.com/LabRedesCefetRJ/WeGIA/commit/e39390f2c0172e8a127b9437e15e71ac4a0e77cf
Patch