CVE-2025-22597

WeGIA has a Cross-Site Scripting (XSS) Stored endpoint 'CobrancaController.php' parameter 'local_recepcao'

Description

WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the CobrancaController.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the local_recepcao parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.2.8.

INFO

Published Date :

2025-01-10T15:28:40.413Z

Last Modified :

2025-08-26T19:42:25.857Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-22597 vulnerability.

Vendors	Products
Wegia	Wegia

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-22597.

URL	Resource
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-mgj3-g922-2r9v

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact