cvebase

LabRedesCefetRJ WeGIA vulnerabilities

173 known vulnerabilities affecting labredescefetrj/wegia.

Total CVEs: 173
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 36, HIGH 44, MEDIUM 92

Vulnerabilities

Page 9 of 9
CVE-2025-22143 | P4 | MEDIUM | CVSS 6.1 | fixed in 3.2.8 | 2025-01-08
CVE-2025-22143 [MEDIUM] CWE-79: WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the listar_permissoes.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_e parameter. This vulnerability is fixed in 3.2.8.
nvd
CVE-2025-53935 | P4 | MEDIUM | CVSS 6.1 | fixed in 3.4.5 | 2025-07-16
CVE-2025-53935 [MEDIUM] CWE-79: WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `personalizacao_selecao.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts in the `id` parameter
nvd
CVE-2025-53820 | P4 | MEDIUM | CVSS 6.1 | fixed in 3.4.5 | 2025-07-14
CVE-2025-53820 [MEDIUM] CWE-79: WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `index.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts in the `erro` parameter. Version 3.4.5
nvd
CVE-2025-53377 | P4 | MEDIUM | CVSS 6.1 | fixed in 3.4.3 | 2025-07-07
CVE-2025-53377 [MEDIUM] CWE-79: WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the cadastro_dependente_pessoa_nova.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the id_funcionario parameter. This vulnerability is fixed in 3.4.3.
nvd
CVE-2025-53525 | P4 | MEDIUM | CVSS 6.1 | fixed in 3.4.3 | 2025-07-07
CVE-2025-53525 [MEDIUM] CWE-79: WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the profile_familiar.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the id_dependente parameter. This vulnerability is fixed in 3.4.3.
nvd
CVE-2025-57763 | P4 | MEDIUM | CVSS 6.1 | fixed in 3.4.7 | 2025-08-21
CVE-2025-57763 [MEDIUM] CWE-79: WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, there is a Reflected Cross-Site Scripting (XSS) vulnerability in the insere_despacho.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the cpf sccs. This vulnerability is fixed in 3.4.7.
nvd
CVE-2025-53824 | P4 | MEDIUM | CVSS 5.4 | fixed in 3.4.4 | 2025-07-14
CVE-2025-53824 [MEDIUM] CWE-79: WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the editar_permissoes.php endpoint of the WeGIA application prior to version 3.4.4. This vulnerability allows attackers to inject malicious scripts in the msg_c parameter. Vers
nvd
CVE-2025-6694 | P4 | MEDIUM | CVSS 4.1 | v3.4.0 | 2025-06-26
CVE-2025-6694 [MEDIUM] CWE-79: A vulnerability has been found in LabRedesCefetRJ WeGIA 3.4.0 and classified as problematic. This vulnerability affects unknown code of the file /html/matPat/adicionar_unidade.php of the component Adicionar Unidade. The manipulation of the argument Insira a nova unidade leads to cross site scripting. The attack can be initiated remotely. The exploit ha
nvd
CVE-2025-6695 | P4 | MEDIUM | CVSS 4.1 | v3.4.0 | 2025-06-26
CVE-2025-6695 [MEDIUM] CWE-79: A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0 and classified as problematic. This issue affects some unknown processing of the file /html/matPat/adicionar_categoria.php of the component Additional Categoria. The manipulation of the argument Insira a nova categoria leads to cross site scripting. The attack may be initiated remotely. The explo
nvd
CVE-2025-6698 | P4 | MEDIUM | CVSS 4.1 | v3.4.0 | 2025-06-26
CVE-2025-6698 [MEDIUM] CWE-79: A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /html/matPat/adicionar_tipoSaida.php of the component Adicionar tipo. The manipulation of the argument Insira o novo tipo leads to cross site scripting. The attack may be launched remotely. The exp
nvd
CVE-2026-23731 | P4 | MEDIUM | CVSS 4.3 | fixed in 3.6.2 | 2026-01-16
CVE-2026-23731 [MEDIUM] CWE-1021: WeGIA is a web manager for charitable institutions. Prior to 3.6.2, the web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to framing protection. In particular, X-Frame-Options is missing and Content-Security-Policy with frame-ancestors directive is not configured. Because of
nvd
CVE-2025-6697 | P4 | MEDIUM | CVSS 4.1 | v3.4.0 | 2025-06-26
CVE-2025-6697 [MEDIUM] CWE-79: A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /html/matPat/adicionar_tipoEntrada.php of the component Adicionar tipo. The manipulation of the argument Insira o novo tipo leads to cross site scripting. The attack can be launched remote
nvd
CVE-2026-42873 | P4 | UNKNOWN | CVSS 0.0 | fixed in 3.6.10 | 2026-05-11
CVE-2026-42873 [NONE] CWE-200: WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, when attempting to upload a file with malicious content to funcionario/docdependente_upload.php, the application responds with an overly descriptive error message. This leads to information disclosure, effectively increasing the attack surface by providing potential attack
nvd