CVE-2025-53929
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-16

Last updated on: 2025-07-25

Assigner: GitHub, Inc.

Description
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_cor.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts into the `cor` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page `cadastro_pet.php` is accessed by users, posing a significant security risk. Version 3.4.5 fixes the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-16
Last Modified
2025-07-25
Generated
2026-05-07
AI Q&A
2025-07-16
EPSS Evaluated
2026-05-05
NVD
CVE-2025-53929
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wegia wegia to 3.4.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a Stored Cross-Site Scripting (XSS) issue in the WeGIA web manager application, specifically in the 'adicionar_cor.php' endpoint. Attackers can inject malicious scripts into the 'cor' parameter, which are then stored on the server. When users access the affected page 'cadastro_pet.php', these scripts execute automatically, potentially compromising user security. The issue is fixed in version 3.4.5.


How can this vulnerability impact me? :

The vulnerability can lead to attackers executing malicious scripts in the context of users visiting the affected page. This can result in theft of user credentials, session hijacking, defacement, or other malicious actions that compromise user data and trust. It poses a significant security risk to users of the WeGIA application prior to version 3.4.5.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

You can detect this vulnerability by checking if your WeGIA application version is prior to 3.4.5 and by testing the `adicionar_cor.php` endpoint for stored XSS in the `cor` parameter. For example, you can send a request with a script payload in the `cor` parameter and then check if the script executes when accessing the `cadastro_pet.php` page. A simple curl command to test might be: curl -X POST -d "cor=<script>alert(1)</script>" http://yourserver/adicionar_cor.php. Then visit the cadastro_pet.php page to see if the alert triggers, indicating the vulnerability.


What immediate steps should I take to mitigate this vulnerability?

The immediate step to mitigate this vulnerability is to upgrade the WeGIA application to version 3.4.5 or later, where the stored XSS issue in the `adicionar_cor.php` endpoint has been fixed. Additionally, you should avoid using vulnerable versions and consider applying input validation or sanitization on the `cor` parameter to prevent script injection until the upgrade is performed.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart