CVE-2025-6695 MEDIUM

CVE-2025-6695: LabRedesCefetRJ WeGIA Additional Categoria adicionar_categoria.php cross site scripting

Vendor Labredescefetrj
Product WeGIA
Weakness CWE-79 · XSS
Published June 26, 2025
Last update June 26, 2025
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0 and classified as problematic. This issue affects some unknown processing of the file /html/matPat/adicionar_categoria.php of the component Additional Categoria. The manipulation of the argument Insira a nova categoria leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

June 26, 2025 CVE published
June 26, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-48590 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) CVE-2021-43761 Adobe Experience Manager Stored XSS on Edit Tag page via Localization input CVE-2026-8899 Auto Thumbnails <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes CVE-2025-23839 WordPress Sticky Button plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability CVE-2026-5319 itsourcecode Payroll Management System navbar.php cross site scripting