CNNVD-202508-2590 Information
CNNVD ID
CNNVD-202508-2590
Related CVE
- CNNVD Published: 2025-08-21
Description (Chinese)
WeGIA是Nilson Lazarin个人开发者的一个福利机构的网络管理器。 WeGIA 3.4.7之前版本存在安全漏洞,该漏洞源于dependente_docdependente.php端点中nome参数存在存储型跨站脚本,可能导致恶意脚本自动执行。
Description (English)
WeGIA is the network manager of a welfare institution of the Nelson Lazarin personal developer. The previous version of WeGIA 3.4.7 had a security loophole, which stemmed from the presence of storage-type cross-site scripts in the neome parameters of the decendente docdependente.php endpoint, which could lead to the automatic execution of malicious scripts.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2025-08-21
Last Modified
2026-02-24
References
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-494r-43f3-p828 https://github.com/LabRedesCefetRJ/WeGIA/commit/fb1ab404c564e4dce32796b4b68cd192731207f3 https://nvd.nist.gov/vuln/detail/CVE-2025-57762
Patch
https://github.com/LabRedesCefetRJ/WeGIA/releases
Share on: