CVE-2025-22600 WeGIA has a Cross-Site Scripting (XSS) Reflected endpoint `configuracao_doacao.php` parameter `avulso`

WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the configuracaodoacao.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the avulso parameter. This vulnerability is fix...

CVE-2025-22143

CVE-2025-22143 describes a reflected cross-site scripting (XSS) vulnerability in WeGIA, a web manager for charitable institutions. The flaw exists in the listar_permissoes.php endpoint and affects the msg_e parameter, enabling an attacker to inject malicious scripts. Multiple sources confirm the ...