CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/03/29 5:30 p.m.•12 views

CVE-2025-30362

WeGIA is a Web manager for charitable institutions. A stored Cross-Site Scripting XSS vulnerability was identified in versions prior to 3.2.8. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious cod...

6.4CVSS5.1AI score0.00283EPSS

Vulnrichment•added 2025/03/27 4:29 p.m.•7 views

CVE-2025-30366 WeGIA vulnerable to Stored XSS in personalizacao.php

WeGIA is a Web manager for charitable institutions. Versions prior to 3.2.8 are vulnerable to stored cross-site scripting. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious code is permanently...

6.2CVSS5.3AI score0.00218EPSS

OSV•added 2025/03/27 4:27 p.m.•5 views

CVE-2025-30364 WeGIA vulnerable to SQL Injection (Blind Time-Based) in remuneracao.php parameter id_funcionario

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/funcionario/remuneracao.php, in the idfuncionario parameter. This vulnerability allows the execution of arbitrary SQL commands, which can...

10CVSS7.7AI score0.00332EPSS

Exploits1References3

Cvelist•added 2025/03/27 4:26 p.m.•8 views

CVE-2025-30363 WeGIA vulnerable to Stored XSS in documentos_funcionario.php parameter dados_addInfo

WeGIA is a Web manager for charitable institutions. A stored Cross-Site Scripting XSS vulnerability was identified in versions prior to 3.2.6. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious cod...

6.4CVSS0.00324EPSS

Vulnrichment•added 2025/03/27 4:26 p.m.•7 views

CVE-2025-30363 WeGIA vulnerable to Stored XSS in documentos_funcionario.php parameter dados_addInfo

6.4CVSS4.8AI score0.00324EPSS

NVD•added 2025/02/03 10:15 p.m.•11 views

CVE-2025-24902

WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, salvarcargo.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. Thi...

9.4CVSS0.00441EPSS

NVD•added 2025/02/03 10:15 p.m.•10 views

CVE-2025-24901

WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, deletarpermissao.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information...

9.4CVSS0.00506EPSS

Cvelist•added 2025/01/20 3:47 p.m.•17 views

CVE-2025-23219 WeGIA has a SQL Injection endpoint 'adicionar_cor.php' parameter 'cor'

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionarcor.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in t...

10CVSS0.00483EPSS

NVD•added 2025/01/14 1:15 a.m.•9 views

CVE-2025-23034

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the tags.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msge...

6.4CVSS0.0047EPSS

OSV•added 2025/01/13 11:35 p.m.•8 views

CVE-2025-23038 Cross-Site Scripting (XSS) Stored endpoint 'remuneracao.php ' parameter 'descricao' in WeGIA

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the remuneracao.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into th...

6.4CVSS5.3AI score0.00508EPSS

OSV•added 2025/01/13 11:32 p.m.•6 views

CVE-2025-23032 Cross-Site Scripting (XSS) Stored endpoint 'adicionar_escala.php' parameter 'escala' in WeGIA

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the adicionarescala.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts int...

6.4CVSS5.3AI score0.00508EPSS

OSV•added 2025/01/13 11:31 p.m.•5 views

CVE-2025-23034 Cross-Site Scripting (XSS) Reflected endpoint 'tags.php' parameter 'msg_e' in WeGIA

6.4CVSS6AI score0.0047EPSS

OSV•added 2025/01/13 11:29 p.m.•8 views

CVE-2025-23037 Cross-Site Scripting (XSS) Stored endpoint 'control.php' parameter 'cargo' in WeGIA

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the control.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the...

6.4CVSS5.3AI score0.00664EPSS

NVD•added 2025/01/13 9:15 p.m.•7 views

CVE-2025-22618

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the adicionarcargo.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into...

6.4CVSS0.00508EPSS

NVD•added 2025/01/08 7:15 p.m.•12 views

CVE-2025-22141

9.4CVSS0.00494EPSS

OSV•added 2025/01/08 6:27 p.m.•4 views

CVE-2025-22141 WeGIA SQL Injection (Blind Time-Based) endpoint 'verificar_recursos_cargo.php' parameter 'cargo'

9.4CVSS8.2AI score0.00494EPSS