Labredescefetrj Wegia vulnerabilities
173 known vulnerabilities affecting labredescefetrj/wegia.
Total CVEs
173
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL36HIGH44MEDIUM92
Vulnerabilities
Page 7 of 9
CVE-2025-67496P4MEDIUMCVSS 5.4fixed in 3.5.52025-12-09
CVE-2025-67496 [MEDIUM] CWE-79 CVE-2025-67496: WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Vers
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain a Stored Cross-Site Scripting (XSS) vulnerability in the /WeGIA/html/geral/configurar_senhas.php endpoint. The application does not sanitize user-controlled data before rendering it inside the employee selection dropdown. T
nvd
CVE-2026-23724P4MEDIUMCVSS 5.4fixed in 3.6.22026-01-16
CVE-2026-23724 [MEDIUM] CWE-79 CVE-2026-23724: WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting (X
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the html/atendido/cadastro_ocorrencia.php endpoint of the WeGIA application. The application does not sanitize user-controlled data before rendering it inside the “Atendido” selection dropdown. This vulnerability is
nvd
CVE-2025-22598P4MEDIUMCVSS 6.1fixed in 3.2.82025-01-10
CVE-2025-22598 [MEDIUM] CWE-79 CVE-2025-22598: WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerabilit
WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the cadastrarSocio.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the local_recepcao parameter. The injected scripts are stored on the server and executed automatically wh
nvd
CVE-2025-22597P4MEDIUMCVSS 6.1fixed in 3.2.82025-01-10
CVE-2025-22597 [MEDIUM] CWE-79 CVE-2025-22597: WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerabilit
WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the CobrancaController.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the local_recepcao parameter. The injected scripts are stored on the server and executed automaticall
nvd
CVE-2025-23030P4MEDIUMCVSS 6.1v3.4.02025-01-14
CVE-2025-23030 [MEDIUM] CWE-79 CVE-2025-23030: WeGIA is an open source web manager with a focus on the Portuguese language and charitable instituti
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `cadastro_funcionario.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `cpf` parameter. The application fails
nvd
CVE-2025-23034P4MEDIUMCVSS 6.1fixed in 3.2.62025-01-14
CVE-2025-23034 [MEDIUM] CWE-79 CVE-2025-23034: WeGIA is an open source web manager with a focus on the Portuguese language and charitable instituti
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `tags.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `msg_e` parameter. The application fails to validate an
nvd
CVE-2025-22617P4MEDIUMCVSS 6.1fixed in 3.2.72025-01-13
CVE-2025-22617 [MEDIUM] CWE-79 CVE-2025-22617: WeGIA is an open source web manager with a focus on the Portuguese language and charitable instituti
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `editar_socio.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `socio` parameter. The application fails to val
nvd
CVE-2025-22615P4MEDIUMCVSS 6.1v3.4.02025-01-13
CVE-2025-22615 [MEDIUM] CWE-79 CVE-2025-22615: WeGIA is an open source web manager with a focus on the Portuguese language and charitable instituti
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `Cadastro_Atendido.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `cpf` parameter. The application fails to
nvd
CVE-2025-27417P4MEDIUMCVSS 6.1fixed in 3.2.162025-03-03
CVE-2025-27417 [MEDIUM] CWE-79 CVE-2025-27417: WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A St
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionar_status_atendido.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the status parameter. The injected scripts are sto
nvd
CVE-2025-54078P4MEDIUMCVSS 6.1fixed in 3.4.62025-07-18
CVE-2025-54078 [MEDIUM] CWE-79 CVE-2025-54078: WeGIA is an open source web manager with a focus on the Portuguese language and charitable instituti
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 in the `personalizacao_imagem.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `err` param
nvd
CVE-2025-54077P4MEDIUMCVSS 6.1fixed in 3.4.62025-07-18
CVE-2025-54077 [MEDIUM] CWE-79 CVE-2025-54077: WeGIA is an open source web manager with a focus on the Portuguese language and charitable instituti
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 in the `personalizacao.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `err` parameter. V
nvd
CVE-2025-54076P4MEDIUMCVSS 6.1fixed in 3.4.62025-07-18
CVE-2025-54076 [MEDIUM] CWE-79 CVE-2025-54076: WeGIA is an open source web manager with a focus on the Portuguese language and charitable instituti
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 in the `pre_cadastro_atendido.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `msg_e` par
nvd
CVE-2025-62598P4MEDIUMCVSS 6.1fixed in 3.5.12025-10-21
CVE-2025-62598 [MEDIUM] CWE-79 CVE-2025-62598: WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prio
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the action parameter. The vulne
nvd
CVE-2025-62359P4MEDIUMCVSS 6.1fixed in 3.5.02025-10-13
CVE-2025-62359 [MEDIUM] CWE-79 CVE-2025-62359: WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prio
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.0, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the /pet/profile_pet.php?id_pet= endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the id_pet parameter. This vulnera
nvd
CVE-2025-58452P4MEDIUMCVSS 6.1fixed in 3.4.112025-09-08
CVE-2025-58452 [MEDIUM] CWE-79 CVE-2025-58452: WeGIA is a Web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerabi
WeGIA is a Web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the listar_despachos.php endpoint of the WeGIA application prior to version 3.4.11. This vulnerability allows attackers to inject malicious scripts in the id_memorando parameter. Version 3.4.11 contains a patch.
nvd
CVE-2025-22613P4MEDIUMCVSS 5.4fixed in 3.2.62025-01-13
CVE-2025-22613 [MEDIUM] CWE-79 CVE-2025-22613: WeGIA is an open source web manager with a focus on the Portuguese language and charitable instituti
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `informacao_adicional.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `descricao` parameter. The injected scri
nvd
CVE-2025-22618P4MEDIUMCVSS 5.4fixed in 3.2.62025-01-13
CVE-2025-22618 [MEDIUM] CWE-79 CVE-2025-22618: WeGIA is an open source web manager with a focus on the Portuguese language and charitable instituti
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_cargo.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `cargo` parameter. The injected scripts are s
nvd
CVE-2025-23037P4MEDIUMCVSS 5.4fixed in 3.2.62025-01-14
CVE-2025-23037 [MEDIUM] CWE-79 CVE-2025-23037: WeGIA is an open source web manager with a focus on the Portuguese language and charitable instituti
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `control.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `cargo` parameter. The injected scripts are stored on
nvd
CVE-2025-23032P4MEDIUMCVSS 5.4fixed in 3.2.62025-01-14
CVE-2025-23032 [MEDIUM] CWE-79 CVE-2025-23032: WeGIA is an open source web manager with a focus on the Portuguese language and charitable instituti
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_escala.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `escala` parameter. The injected scripts are
nvd
CVE-2025-23035P4MEDIUMCVSS 5.4fixed in 3.2.62025-01-14
CVE-2025-23035 [MEDIUM] CWE-79 CVE-2025-23035: WeGIA is an open source web manager with a focus on the Portuguese language and charitable instituti
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_tipo_quadro_horario.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `tipo` parameter. The injected
nvd