Vulnerabilities > CVE-2025-30363 - Unspecified vulnerability in Wegia

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

wegia

NVD

Published: 2025-03-27

Updated: 2025-04-10

Summary

WeGIA is a Web manager for charitable institutions. A stored Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.2.6. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious code is permanently stored on the server and executed whenever a compromised page is loaded, affecting all users accessing this page. Version 3.2.6 fixes the issue.

Vulnerable Configurations

Part	Description	Count
Application	Wegia Wegia Wegia 0.9.4 Wegia Wegia 1.0 Wegia Wegia 2.0 Wegia Wegia 3.0 Wegia Wegia 3.1 Wegia Wegia 3.2.0	7

References

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qhfm-2qfp-h4m3
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qhfm-2qfp-h4m3