exploitDog

CVE-2025-57765

Опубликовано: 21 авг. 2025

Источник: nvd

CVSS3: 6.5

CVSS3: 8.2

EPSS Низкий

Описание

WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the pre_cadastro_adotante.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_e parameter. This vulnerability is fixed in 3.4.7.

Ссылки

https://github.com/LabRedesCefetRJ/WeGIA/commit/4e9a1c170a495eb8a8433052de19990d355cb098
Patch
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-39r5-c63f-99mx
Exploit
Vendor Advisory
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-39r5-c63f-99mx
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*

Версия до 3.4.7 (исключая)

EPSS

Процентиль: 24%

0.00079

Низкий

6.5 Medium

CVSS3

8.2 High

CVSS3

Дефекты

CWE-79

EPSS

Процентиль: 24%

0.00079

Низкий

6.5 Medium

CVSS3

8.2 High

CVSS3

Дефекты

CWE-79