216.73.217.86

CVE-2025-62598

· Published 21/10/2025 17:15 · Modified 21/10/2025 19:31

Labels: CVE-2025-62598 2025-10-21CVE-2025-62598CWE-79[email protected]

Essential information

Published
21/10/2025 17:15
Modified
21/10/2025 19:31
Author
Creator
CVSS
6.9 MEDIUM (v3) 6.9 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the action parameter. The vulnerable endpoint is GET /WeGIA/html/pessoa/editar_info_pessoal.php?action=1. This issue has been patched in version 3.5.1.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
wegia / wegia cpe:2.3:a:wegia:wegia:<3.5.1:*:*:*:*:*:*:*

References