CVE-2025-27420

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-27420

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27420.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-27420

Related

GHSA-x3wr-75qx-55cw

Published

2025-03-03T16:15:44Z

Modified

2025-04-10T20:58:40.010686Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the atendidoparentescoadicionar.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the descricao parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability fix in 3.2.16.

References

Affected packages

Git / github.com/labredescefetrj/wegia

Affected ranges

Type: GIT
Repo: https://github.com/labredescefetrj/wegia
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

add78bb177cbb29477ff2121b533651a9d673918

Affected versions

0.*

0.9.4-beta

v1.*

v1.0

v2.*

v2.0

v2.0-beta

v3.*

v3.0

v3.1

v3.2.0

v3.2.10

v3.2.11

v3.2.12

v3.2.13

v3.2.14

v3.2.15

v3.2.6

v3.2.7

v3.2.8

v3.2.9