CVE-2025-54076
BaseFortify
Publication date: 2025-07-18
Last updated on: 2025-07-30
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wegia | wegia | to 3.4.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Reflected Cross-Site Scripting (XSS) issue in the WeGIA web application, specifically in the 'pre_cadastro_atendido.php' endpoint's 'msg_e' parameter. It occurs because the application does not properly validate or sanitize user input in this parameter, allowing attackers to inject malicious scripts that are reflected back and executed in the victim's browser. This can lead to unauthorized script execution within the user's session. [1]
How can this vulnerability impact me? :
Exploitation of this vulnerability can result in theft of user login credentials, virtual defacement of the website, unauthorized actions performed on behalf of the user, and redirection to malicious or competing sites. It poses a high confidentiality impact by exposing sensitive data but does not affect integrity or availability. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the `pre_cadastro_atendido.php` endpoint for reflected XSS in the `msg_e` parameter. You can use curl or similar tools to send a request with a test payload such as `<script>alert(document.cookie)</script>` in the `msg_e` parameter and observe if the script is reflected in the response. For example, use the command: curl -G --data-urlencode "msg_e=<script>alert(document.cookie)</script>" https://yourwegiainstance/pre_cadastro_atendido.php and check if the response contains the injected script. If the script is reflected without proper sanitization, the vulnerability exists. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade the WeGIA application to version 3.4.6 or later, where the issue is fixed. Additionally, avoid using vulnerable versions (prior to 3.4.6) in production environments. As a temporary measure, you can implement web application firewall (WAF) rules to block or sanitize requests containing suspicious script tags in the `msg_e` parameter. [1]