Whyrusx

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.4.6 **Description** WeGIA is an open source web manager designed for the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the `pre cadastro atendido.php` endpoint. Attackers can inject malicious scripts through the `msg e` parameter. **Recommendations** Update to version 3.4.6 or later.

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.4.6 **Description** WeGIA is an open source web manager designed for the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the `personalizacao.php` endpoint. Attackers can inject malicious scripts through the `err` parameter. **Recommendations** Update to version 3.4.6 or later. As a temporary workaround, avoid using the `err` parameter in the `personalizacao.php` endpoint.

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.4.6 **Description** WeGIA is an open source web manager designed for the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability exists that allows attackers to inject malicious scripts via the `err` parameter in the `personalizacao imagem.php` endpoint. **Recommendations** Update to version 3.4.6 or later.

**Name of the Vulnerable Software and Affected Versions** WeGIA versions prior to 3.4.6 **Description** WeGIA is an open source web manager. A SQL Injection vulnerability exists in the `/html/atendido/Profile Atendido.php` endpoint, specifically in the `idatendido` parameter. This allows an attacker to execute arbitrary SQL queries and potentially access sensitive information. **Recommendations** Update WeGIA to version 3.4.6 or later.

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.5 Description: WeGIA is an open source web manager. An Open Redirect issue exists in the web application due to an uncontrolled redirection. The `control.php` API endpoint allows specification of an arbitrary URL via the `nextPage` parameter. Recommendations: Update to version 3.4.5 or later. As a temporary workaround, restrict access to the `control.php` endpoint. Avoid using the `nextPage` parameter in the `control.php` endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.5 Description: WeGIA is an open source web manager. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the `relatorio geracao.php` endpoint. Attackers can inject malicious scripts through the `tipo relatorio` parameter. Recommendations: Update to version 3.4.5 or later. As a temporary workaround, restrict access to the `relatorio geracao.php` endpoint. Avoid using the `tipo relatorio` parameter in the affected API endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.5 Description: WeGIA is an open source web manager designed for the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the `index.php` endpoint. Attackers can inject malicious scripts through the `erro` parameter. Recommendations: Update to version 3.4.5 or later.