CVE-2025-62597
- Source
- https://cve.org/CVERecord?id=CVE-2025-62597
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62597.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-62597
- Aliases
-
- GHSA-wqjv-fhc9-h7hm
- Published
- 2025-10-21T16:34:19.775Z
- Modified
- 2026-04-10T05:33:10.038929Z
- Severity
-
- 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N CVSS Calculator
- Summary
- WeGIA Vulnerable to Reflected Cross-Site Scripting via Endpoint 'pessoa/editar_info_pessoal.php' Parameter 'sql'
- Details
-
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editarinfopessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the sql parameter. The vulnerable endpoint is GET /WeGIA/html/pessoa/editarinfopessoal.php?sql=1. This issue has been patched in version 3.5.1.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62597.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-79" ] }- References
-
- https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.5.1
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62597.json
- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-wqjv-fhc9-h7hm
- https://nvd.nist.gov/vuln/detail/CVE-2025-62597
- https://github.com/LabRedesCefetRJ/WeGIA/commit/e41395fe6a7b4f428b1797a8d5b52e0e3dbbb3d9
Affected packages
Git / github.com/labredescefetrj/wegia
Affected ranges
- Type
- GIT
- Repo
- https://github.com/labredescefetrj/wegia
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed