CVE-2025-53824 MEDIUM

CVE-2025-53824: WeGIA ReflectedCross-Site Scripting (XSS) vulnerability in endpoint 'cadastro_pet.php' parameter 'msg'

Vendor Labredescefetrj

Product WeGIA

Weakness CWE-79 · XSS

Published July 14, 2025

Last update July 15, 2025

View on NVD All CVEs

CVSS base score

6.4/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H

What the vulnerability does

01Description

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the editar_permissoes.php endpoint of the WeGIA application prior to version 3.4.4. This vulnerability allows attackers to inject malicious scripts in the msg_c parameter. Version 3.4.4 fixes the issue.

Key dates

02Disclosure timeline

July 14, 2025 CVE published

July 15, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-53824

Related vulnerabilities

04Related CVE

CVE-2024-30232 WordPress Exclusive Addons for Elementor plugin <= 2.6.9 - Cross Site Scripting (XSS) vulnerability CVE-2025-40772 CVE-2025-12324 TablePress – Tables in WordPress made easy <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes CVE-2025-8619 OSM Map Widget for Elementor <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button URL CVE-2022-40753 IBM InfoSphere Information Server cross-site scripting