CVE-2025-54078 MEDIUM

CVE-2025-54078: WeGIA Reflected Cross-Site Scripting (XSS) vulnerability in endpoint 'personalizacao_imagem.php' parameter 'err'

Vendor Labredescefetrj
Product WeGIA
Weakness CWE-79 · XSS
Published July 18, 2025
Last update July 18, 2025
View on NVD All CVEs

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 in the `personalizacao_imagem.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `err` parameter. Version 3.4.6 fixes the issue.

Key dates

02Disclosure timeline

July 18, 2025 CVE published
July 18, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-23200 Stored XSS-LibreNMS-Misc Section in librenms CVE-2024-4201 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab CVE-2021-24693 Simple Download Monitor < 3.9.5 - Contributor+ Stored Cross-Site Scripting via File Thumbnail CVE-2024-2091 Elementor Addon Elements <= 1.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-32961 WordPress Zotpress Plugin <= 7.3.3 is vulnerable to Cross Site Scripting (XSS)