CVE-2025-22132 HIGH

CVE-2025-22132: WeGIA has a Cross-Site Scripting (XSS) in File Upload Field

Vendor Nilsonlazarin
Product WeGIA
Weakness CWE-79 · XSS
Published January 7, 2025
Last update January 8, 2025
View on NVD All CVEs

CVSS base score

8.3/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L

What the vulnerability does

01Description

WeGIA is a web manager for charitable institutions. A Cross-Site Scripting (XSS) vulnerability was identified in the file upload functionality of the WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint. By uploading a file containing malicious JavaScript code, an attacker can execute arbitrary scripts in the context of a victim's browser. This can lead to information theft, session hijacking, and other forms of client-side exploitation. This vulnerability is fixed in 3.2.7.

Key dates

02Disclosure timeline

January 7, 2025 CVE published
January 8, 2025 Record updated