CVE-2025-55170

HIGH EPSS 32.6%
Published Aug 12, 2025 (10mo ago) · Modified Jun 17, 2026 (2w ago)
7.4 CVSS 3.1
High

Description

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a reflected cross-site scripting (XSS) vulnerability was identified in the /html/alterar_senha.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts via the verificacao and redir_config parameters. This issue has been patched in version 3.4.8.

CVSS Details

Base Score: 7.4
Exploitability: 2.8
Impact: 4.0
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: None
Availability: None

Threat Intelligence

EPSS Exploit Probability: 32.6% percentile
Exploit & Patch Status: Public Exploit Known; Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

Vendor    Product    Version    Range
wegia     wegia      *          <3.4.8

References 3

  • github.com https://github.com/LabRedesCefetRJ/WeGIA/commit/c2bd4121a2b2a076c9f2ef0bdbb46231389993c8
    Patch
  • github.com https://github.com/LabRedesCefetRJ/WeGIA/issues/141
    Issue Tracking
  • github.com https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-77hc-c8f4-p3hc
    Exploit, Vendor Advisory

Remediation

  • github.com https://github.com/LabRedesCefetRJ/WeGIA/commit/c2bd4121a2b2a076c9f2ef0bdbb46231389993c8
    Patch