Labredescefetrj Wegia vulnerabilities
173 known vulnerabilities affecting labredescefetrj/wegia.
Total CVEs: 173
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 36, HIGH 44, MEDIUM 92
Vulnerabilities
Page 6 of 9
CVE-2025-62361 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | fixed in 3.5.0 | 2025-10-13
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.0, an Open Redirect vulnerability was identified in the control.php endpoint of the WeGIA application, specifically in the nextPage parameter (metodo=listarTodos nomeClasse=AlmoxarifeControle). This vulnerability allows attackers to redirect
nvd
CVE-2026-35473 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | fixed in 3.6.9 | 2026-04-06
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarId and nomeClasse=IentradaControle. The application fails to validate or restrict the nextP
nvd
CVE-2026-23727 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | fixed in 3.6.2 | 2026-01-16
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=TipoSaidaControle. The application fails to validate or restrict the n
nvd
CVE-2025-24020 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | fixed in 3.2.11 | 2025-01-21
WeGIA is a Web manager for charitable institutions. An Open Redirect vulnerability was identified in the `control.php` endpoint of versions up to and including 3.2.10 of the WeGIA application. The vulnerability allows the `nextPage` parameter to be manipulated, redirecting authenticated users to arbitrary external URLs without validation. The issue
nvd
CVE-2026-35475 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | fixed in 3.6.9 | 2026-04-06
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect parameter is taken directly from $_GET with no URL validation or whitelist check, then used verbatim in a header("Location: ...") call. This vulnerability is fixed in 3.6.9.
nvd
CVE-2025-30363 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 3.2.6 | 2025-03-27
WeGIA is a Web manager for charitable institutions. A stored Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.2.6. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious code is permanently stored on the server and executed wh
nvd
CVE-2026-23722 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 3.6.2 | 2026-01-16
WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WeGIA system, specifically within the html/memorando/insere_despacho.php file. The application fails to properly sanitize or encode user-supplied input via the id_memorando GET parameter before reflecting it i
nvd
CVE-2026-35474 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | fixed in 3.6.9 | 2026-04-06
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, open redirect has been found in WeGIA webapp. The redirect parameter is taken directly from $_GET with no URL validation or whitelist check, then used verbatim in a header("Location: ...") call. This vulnerability is fixed in 3.6.9.
nvd
CVE-2025-30362 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 3.2.8 | 2025-03-27
WeGIA is a Web manager for charitable institutions. A stored Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.2.8. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious code is permanently stored on the server and executed wh
nvd
CVE-2025-27499 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 3.2.10 | 2025-03-03
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the processa_edicao_socio.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the socio_nome parameter. The injected scripts are sto
nvd
CVE-2025-62597 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 3.5.1 | 2025-10-21
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the sql parameter. The vulnerab
nvd
CVE-2025-53526 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 3.4.3 | 2025-07-07
WeGIA is a web manager for charitable institutions. An XSS Injection vulnerability was identified in novo_memorando.php.
After the memo was submitted, the vulnerability was confirmed by accessing listar_memorandos_antigos.php. Upon loading this page, the injected script was executed in the browser. This vulnerability is fixed in 3.4.3.
nvd
CVE-2025-62358 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 3.5.1 | 2025-10-13
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, the log parameter in configuracao_geral.php is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker can inject arbitrary JavaScript, which executes in the victim’s browser. This vulnerability is fixed in 3.5.1.
nvd
CVE-2025-57762 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 3.4.7 | 2025-08-21
WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, there is a Stored Cross-Site Scripting (XSS) vulnerability in the dependente_docdependente.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the nome parameter. The injected scripts are stored on the server and executed automa
nvd
CVE-2026-33135 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 3.6.7 | 2026-03-20
WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the novo_memorandoo.php endpoint. An attacker can inject arbitrary JavaScript into the sccs GET parameter, which is directly echoed into the HTML response without any sanitization or encoding. The script /html/memo
nvd
CVE-2026-33136 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 3.6.7 | 2026-03-20
WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the listar_memorandos_ativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is then directly echoed into the HTML response without any sanitization or enco
nvd
CVE-2026-42872 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 3.7.0 | 2026-05-11
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a reflected Cross-Site Scripting (XSS) vulnerability exists in lista_arquivos_etapa.php due to improper handling of user-supplied input. The id_processo parameter is directly embedded into the HTML without sanitization, allowing attackers to inject arbitrary JavaScript. T
nvd
CVE-2025-29782 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 3.2.17 | 2025-03-14
WeGIA is a Web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_tipo_docs_atendido.php` endpoint in versions of the WeGIA application prior to 3.2.17. This vulnerability allows attackers to inject malicious scripts into the `tipo` parameter. The injected scripts are stored on the ser
nvd
CVE-2025-30366 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 3.2.8 | 2025-03-27
WeGIA is a Web manager for charitable institutions. Versions prior to 3.2.8 are vulnerable to stored cross-site scripting. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious code is permanently stored on the server and executed whenever a compromised p
nvd
CVE-2026-23725 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 3.6.2 | 2026-01-16
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the html/pet/adotantes/cadastro_adotante.php and html/pet/adotantes/informacao_adotantes.php endpoint of the WeGIA application. The application does not sanitize user-controlled input before rendering it inside the A
nvd