CVE-2025-62358

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.5.1

Description WeGIA is a web management application designed for institutions, particularly those using the Portuguese language. A Reflected Cross-Site Scripting (XSS) issue exists in the log parameter of the 'configuracao geral.php' file. This allows an attacker to inject and execute arbitrary JavaScript code within a victim's browser. The API endpoint involved is 'configuracao geral.php', and the vulnerable parameter is log.

Recommendations Update to version 3.5.1 or later.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-62358

GHSA-G6HR-2RHX-F8Q4

Affected Products

Wegia

CVE-2025-62358

Weakness Enumeration

Related Identifiers

Affected Products

References · 10