CVE-2025-55170
HIGH EPSS 32.6%
Published Aug 12, 202510mo ago · Modified Jun 17, 20262w ago
7.4 CVSS 3.1
Published Aug 12, 2025 10mo ago
Last Modified Jun 17, 2026 2w ago
Description
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a reflected cross-site scripting (XSS) vulnerability was identified in the /html/alterar_senha.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the verificacao and redir_config parameter. This issue has been patched in version 3.4.8.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Changed
Confidentiality High
Integrity None
Availability None
Threat Intelligence
EPSS Exploit Probability
32.6% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| wegia | wegia | * | <3.4.8 |
References 3
- github.com https://github.com/LabRedesCefetRJ/WeGIA/commit/c2bd4121a2b2a076c9f2ef0bdbb46231389993c8
- github.com https://github.com/LabRedesCefetRJ/WeGIA/issues/141
- github.com https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-77hc-c8f4-p3hc
Remediation
- github.com https://github.com/LabRedesCefetRJ/WeGIA/commit/c2bd4121a2b2a076c9f2ef0bdbb46231389993c8