Filtered by vendor Wegia
Total: 73 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-27417 | 1 Wegia | 1 Wegia | 2025-04-11 | 6.1 Medium |
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionar_status_atendido.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the status parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.2.16. | ||||
CVE-2025-26605 | 1 Wegia | 1 Wegia | 2025-04-10 | 8.8 High |
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `deletar_cargo.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
CVE-2025-27418 | 1 Wegia | 1 Wegia | 2025-04-10 | 5.4 Medium |
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionar_tipo_atendido.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the tipo parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.2.16. | ||||
CVE-2025-27420 | 1 Wegia | 1 Wegia | 2025-04-10 | 5.4 Medium |
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the atendido_parentesco_adicionar.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the descricao parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.2.16. | ||||
CVE-2025-30361 | 1 Wegia | 1 Wegia | 2025-04-10 | 9.8 Critical |
WeGIA is a Web manager for charitable institutions. A security vulnerability was identified in versions prior to 3.2.6, where it is possible to change a user's password without verifying the old password. This issue exists in the control.php endpoint and allows unauthorized attackers to bypass authentication and authorization mechanisms to reset the password of any user, including admin accounts. Version 3.2.6 fixes the issue. | ||||
CVE-2025-30362 | 1 Wegia | 1 Wegia | 2025-04-10 | 5.4 Medium |
WeGIA is a Web manager for charitable institutions. A stored Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.2.8. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious code is permanently stored on the server and executed whenever a compromised page is loaded, affecting all users accessing this page. Version 3.2.8 fixes the issue. | ||||
CVE-2025-30363 | 1 Wegia | 1 Wegia | 2025-04-10 | 5.4 Medium |
WeGIA is a Web manager for charitable institutions. A stored Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.2.6. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious code is permanently stored on the server and executed whenever a compromised page is loaded, affecting all users accessing this page. Version 3.2.6 fixes the issue. | ||||
CVE-2025-30364 | 1 Wegia | 1 Wegia | 2025-04-10 | 9.8 Critical |
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/funcionario/remuneracao.php, in the id_funcionario parameter. This vulnerability allows the execution of arbitrary SQL commands, which can compromise the confidentiality, integrity, and availability of stored data. Version 3.2.8 fixes the issue. | ||||
CVE-2025-30365 | 1 Wegia | 1 Wegia | 2025-04-10 | 9.8 Critical |
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/socio/sistema/controller/query_geracao_auto.php, specifically in the query parameter. This vulnerability allows the execution of arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. Version 3.2.8 fixes the issue. | ||||
CVE-2025-30366 | 1 Wegia | 1 Wegia | 2025-04-10 | 5.4 Medium |
WeGIA is a Web manager for charitable institutions. Versions prior to 3.2.8 are vulnerable to stored cross-site scripting. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious code is permanently stored on the server and executed whenever a compromised page is loaded, affecting all users accessing this page. Version 3.2.8 fixes the issue. | ||||
CVE-2025-30367 | 1 Wegia | 1 Wegia | 2025-04-10 | 9.8 Critical |
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.6 in the nextPage parameter of the /WeGIA/controle/control.php endpoint. This vulnerability allows an attacker to manipulate SQL queries and access sensitive database information, such as table names and sensitive data. Version 3.2.6 contains a fix for the issue. | ||||
CVE-2024-57033 | 1 Wegia | 1 Wegia | 2025-04-09 | 6.1 Medium |
WeGIA < 3.2.0 is vulnerable to Cross Site Scripting (XSS) via the dados_addInfo parameter of documentos_funcionario.php. | ||||
CVE-2024-53470 | 1 Wegia | 1 Wegia | 2025-04-09 | 6.1 Medium |
Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/gateway_pagamento.php of WeGIA v3.2.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter. | ||||
CVE-2024-53471 | 1 Wegia | 1 Wegia | 2025-04-09 | 6.1 Medium |
Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/meio_pagamento.php of WeGIA v3.2.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter. | ||||
CVE-2024-53472 | 1 Wegia | 1 Wegia | 2025-04-09 | 8.8 High |
WeGIA v3.2.0 was discovered to contain a Cross-Site Request Forgery (CSRF). | ||||
CVE-2024-53473 | 1 Wegia | 1 Wegia | 2025-04-09 | 7.5 High |
WeGIA 3.2.0 before 3998672 does not verify permission to change a password. | ||||
CVE-2025-22133 | 1 Wegia | 1 Wegia | 2025-04-09 | 10 Critical |
WeGIA is a web manager for charitable institutions. Prior to 3.2.8, a critical vulnerability was identified in the /WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint. The endpoint accepts file uploads without proper validation, allowing the upload of malicious files, such as .phar, which can then be executed by the server. This vulnerability is fixed in 3.2.8. | ||||
CVE-2025-22139 | 1 Wegia | 1 Wegia | 2025-04-09 | 6.1 Medium |
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the configuracao_geral.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_c parameter. This vulnerability is fixed in 3.2.8. | ||||
CVE-2025-22140 | 1 Wegia | 1 Wegia | 2025-04-09 | 8.8 High |
WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar_um.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.2.8. | ||||
CVE-2025-22141 | 1 Wegia | 1 Wegia | 2025-04-09 | 8.8 High |
WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /dao/verificar_recursos_cargo.php endpoint, specifically in the cargo parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.2.8. |