2 matches found
PT-2025-53613
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.5.1 Description SiYuan Note application uses a hardcoded cryptographic secret for its session store, making session encryption ineffective. The AccessAuthCode, stored in the session cookie, can be decrypted by an...
CVE-2025-62598 WeGIA Vulnerable to Reflected Cross-Site Scripting via Endpoint 'pessoa/editar_info_pessoal.php' Parameter 'action'
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting XSS vulnerability was identified in the editarinfopessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject...