
Labredescefetrj Wegia vulnerabilities

173 known vulnerabilities affecting labredescefetrj/wegia.

Total CVEs
173
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL: 36
HIGH: 44
MEDIUM: 92

Vulnerabilities

Page 5 of 9
CVE-2026-42870 | P3 | MEDIUM | CVSS 6.4 | fixed in 3.7.0 | 2026-05-11
CVE-2026-42870 [MEDIUM] CWE-79: WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting (XSS) flaw was identified at the following endpoint: funcionario/profile_funcionario.php?id_funcionario=2. By injecting a malicious payload into the 'Description' (Descrição) field and saving the profile, the script becomes persistently stored
nvd
CVE-2026-40282 | P4 | MEDIUM | CVSS 6.4 | fixed in 3.6.10 | 2026-04-17
CVE-2026-40282 [MEDIUM] CWE-79: WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript into the Intercorrências notification page, which is executed when a user accesses the page, enabling session hijacking and account takeover. Version 3.6.10 fixe
nvd
CVE-2025-55170 | P4 | HIGH | CVSS 7.4 | fixed in 3.4.8 | 2025-08-12
CVE-2025-55170 [HIGH] CWE-79: WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a reflected cross-site scripting (XSS) vulnerability was identified in the /html/alterar_senha.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the verificacao and redi
nvd
CVE-2026-45027 | P4 | MEDIUM | CVSS 5.9 | fixed in 3.7.3 | 2026-05-27
CVE-2026-45027 [MEDIUM] CWE-759: WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash() function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in controle/FuncionarioControle.php follows the same pattern. SHA-256 is
nvd
CVE-2026-45026 | P4 | MEDIUM | CVSS 6.8 | fixed in 3.7.3 | 2026-05-11
CVE-2026-45026 [MEDIUM] CWE-79: WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript into the Processo de Aceitação (html/atendido/processo_aceitacao.php) page, which is executed when a user accesses the page, enabling session hijacking and account
nvd
CVE-2026-45025 | P4 | MEDIUM | CVSS 6.8 | fixed in 3.7.3 | 2026-05-11
CVE-2026-45025 [MEDIUM] CWE-79: WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript into the "Etapas de um Processo" (html/atendido/etapa_processo.php) page, which is executed when a user accesses the page, enabling session hijacking and account t
nvd
CVE-2026-40284 | P4 | MEDIUM | CVSS 6.8 | fixed in 3.6.10 | 2026-04-17
CVE-2026-40284 [MEDIUM] CWE-79: WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript via the "Destinatário" field. The payload is stored and later executed when viewing the dispatch page, impacting other users. Version 3.6.10 fixes the issue.
nvd
CVE-2026-45335 | P4 | MEDIUM | CVSS 5.4 | fixed in 3.7.3 | 2026-05-27
CVE-2026-45335 [MEDIUM] CWE-601: WeGIA is a web manager for charitable institutions. Prior to 3.7.3, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=InternoControle. The application fails to validate or restrict the nex
nvd
CVE-2025-61604 | P4 | HIGH | CVSS 7.1 | fixed in 3.5.0 | 2025-10-02
CVE-2025-61604 [HIGH] CWE-352: WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Cross-Site Request Forgery (CSRF) vulnerability. The delete operation for the Almoxarifado entity is exposed via HTTP GET without CSRF protection, allowing a third-party site to trigger the action using the victim's authenticated session. T
nvd
CVE-2026-35398 | P4 | MEDIUM | CVSS 6.1 | fixed in 3.6.9 | 2026-04-06
CVE-2026-35398 [MEDIUM] CWE-601: WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos & listarId_Nome and nomeClasse=OrigemControle. The application fails to validate or r
nvd
CVE-2026-35472 | P4 | MEDIUM | CVSS 6.1 | fixed in 3.6.9 | 2026-04-06
CVE-2026-35472 [MEDIUM] CWE-601: WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=EstoqueControle. The application fails to validate or restrict the nex
nvd
CVE-2026-35396 | P4 | MEDIUM | CVSS 6.1 | fixed in 3.6.9 | 2026-04-06
CVE-2026-35396 [MEDIUM] CWE-601: WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarId and nomeClasse=IsaidaControle. The application fails to validate or restrict the nextPag
nvd
CVE-2026-23729 | P4 | MEDIUM | CVSS 6.1 | fixed in 3.6.2 | 2026-01-16
CVE-2026-23729 [MEDIUM] CWE-601: WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarDescricao and nomeClasse=ProdutoControle. The application fails to validate or restrict the
nvd
CVE-2026-23726 | P4 | MEDIUM | CVSS 6.1 | fixed in 3.6.2 | 2026-01-16
CVE-2026-23726 [MEDIUM] CWE-601: WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=TipoEntradaControle. The application fails to validate or restrict the
nvd
CVE-2026-23728 | P4 | MEDIUM | CVSS 6.1 | fixed in 3.6.2 | 2026-01-16
CVE-2026-23728 [MEDIUM] CWE-601: WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=DestinoControle. The application fails to validate or restrict the nex
nvd
CVE-2026-23730 | P4 | MEDIUM | CVSS 6.1 | fixed in 3.6.2 | 2026-01-16
CVE-2026-23730 [MEDIUM] CWE-601: WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=ProdutoControle. The application fails to validate or restrict the nex
nvd
CVE-2025-61606 | P4 | MEDIUM | CVSS 6.1 | fixed in 3.5.0 | 2025-10-02
CVE-2025-61606 [MEDIUM] CWE-601: WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an Open Redirect vulnerability, identified in the control.php endpoint, specifically in the nextPage parameter (metodo=listarUm&nomeClasse=FuncionarioControle). This vulnerability allows attackers to redirect users to arbitrary external doma
nvd
CVE-2025-22596 | P4 | MEDIUM | CVSS 6.5 | fixed in 3.2.8 | 2025-01-10
CVE-2025-22596 [MEDIUM] CWE-79: WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the modulos_visiveis.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_c parameter. This vulnerability is fixed in 3.2.8.
nvd
CVE-2026-35399 | P4 | MEDIUM | CVSS 6.1 | fixed in 3.6.9 | 2026-04-06
CVE-2026-35399 [MEDIUM] CWE-79: WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS vulnerability allows an attacker to inject malicious scripts through a backup filename. This could lead to unauthorized execution of malicious code in the victim's browser, compromising session data or executing actions on behalf of the user. This vulnerability is fixed
nvd
CVE-2025-53821 | P4 | MEDIUM | CVSS 6.1 | fixed in 3.4.5 | 2025-07-14
CVE-2025-53821 [MEDIUM] CWE-601: WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Open Redirect vulnerability exists in the web application prior to version 3.4.5. The control.php endpoint allows an arbitrary URL to be specified via the `nextPage` parameter, leading to an uncontrolled redirection. Version 3.4.5 contains a fix fo
nvd