CVE-2025-53526 LOW

CVE-2025-53526: WeGIA allows Stored XSS attacks in novo_memorando.php

Vendor Labredescefetrj
Product WeGIA
Weakness CWE-79 · XSS
Published July 7, 2025
Last update July 7, 2025

CVSS base score

2.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P

What the vulnerability does

01Description

WeGIA is a web manager for charitable institutions. An XSS Injection vulnerability was identified in novo_memorando.php. After the memo was submitted, the vulnerability was confirmed by accessing listar_memorandos_antigos.php. Upon loading this page, the injected script was executed in the browser. This vulnerability is fixed in 3.4.3.

Key dates

02Disclosure timeline

July 7, 2025 CVE published
July 7, 2025 Record updated