CVE-2025-6696
BaseFortify
Publication date: 2025-06-26
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wegia | wegia | 3.4.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6696 is a stored cross-site scripting (XSS) vulnerability in LabRedesCefetRJ WeGIA version 3.4.0, specifically in the file /html/atendido/Cadastro_Atendido.php within the Cadastro de Atendio component. The vulnerability occurs because the application does not properly neutralize user input in the 'Nome' and 'Sobrenome' parameters, allowing an attacker to inject malicious JavaScript code. This code is then stored and executed in the context of other users' web pages when they access certain parts of the application. Exploitation requires valid credentials and user interaction, and the attack can be launched remotely. [1, 2]
How can this vulnerability impact me? :
This vulnerability allows attackers to execute arbitrary JavaScript code within the application context, which can lead to session hijacking, website defacement, or other malicious actions performed as authenticated users. Because the malicious script is stored persistently, it executes every time the affected page is loaded, increasing the risk of compromise for users interacting with the application. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying the presence of the vulnerable endpoint `/html/atendido/Cadastro_Atendido.php` in the LabRedesCefetRJ WeGIA 3.4.0 application. One method is to use Google dorking with queries like `inurl:html/atendido/Cadastro_Atendido.php` to find potentially vulnerable targets. Additionally, manual testing can be performed by logging into the WeGIA platform, navigating to the relevant pages, and attempting to inject a benign script payload (e.g., `<script>alert('test')</script>`) into the `Nome` and `Sobrenome` fields to observe if the script executes when viewing stored data. Network monitoring tools can also be used to inspect HTTP requests to `control.php` with parameters `nome` and `sobrenome` for suspicious script content. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of the vulnerable LabRedesCefetRJ WeGIA 3.4.0 product or component until a patch or fix is available, as no known countermeasures or patches currently exist. Restrict access to the affected endpoints and implement input validation and output encoding on the `Nome` and `Sobrenome` parameters to prevent script injection. Monitoring and filtering HTTP requests for malicious payloads targeting these parameters can help reduce risk. Consider using alternative products or versions that do not contain this vulnerability. [1]