CVE-2025-23037 – WeGIA Stored Cross-Site Scripting (XSS) Vulnerability

The following table lists the changes that have been made to the
CVE-2025-23037 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

New CVE Received
by [email protected]

Jan. 14, 2025

Action	Type	New Value
Added	Description	WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `control.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `cargo` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `control.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim’s browser, potentially compromising the user’s data and system. This issue has been addressed in version 3.2.6. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Added	CVSS V4.0	AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Added	CWE	CWE-79
Added	Reference	https://github.com/LabRedesCefetRJ/WeGIA/commit/3e4d5a3302164617314edfd6dfdef063dc255cbd
Added	Reference	https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-rjjp-w2wm-7f9j

CVE Modified
by 134c704f-9b21-4f2e-91b3-4a467353bcc0

Jan. 14, 2025

Action Type Old Value New Value

Added Reference https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-rjjp-w2wm-7f9j

Action	Type	Old Value	New Value
Added	Reference		https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-rjjp-w2wm-7f9j

Share the Post:

CVE-2025-10304 – Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.3.8 – Missing Authorization to Unauthenticated Backup Failure

CVE ID : CVE-2025-10304 Published : Dec. 3, 2025, 3:27 a.m. | 26 minutes ago Description : The Everest Backup –

CVE-2025-12585 – MxChat – AI Chatbot for WordPress <= 2.5.5 – Unauthenticated Information Exposure

CVE ID : CVE-2025-12585 Published : Dec. 3, 2025, 3:27 a.m. | 26 minutes ago Description : The MxChat – AI

Unit A5, Endeavour Business Park
Penner Road, Havant
PO9 1QN

Company Registration Number: 5334133
Company VAT Number: 855 7246 95

CVE-2025-23037 – WeGIA Stored Cross-Site Scripting (XSS) Vulnerability

New CVE Received
by [email protected]

CVE Modified
by 134c704f-9b21-4f2e-91b3-4a467353bcc0

Related Posts

CVE-2025-10304 – Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.3.8 – Missing Authorization to Unauthenticated Backup Failure

CVE-2025-12585 – MxChat – AI Chatbot for WordPress <= 2.5.5 – Unauthenticated Information Exposure

Useful Links

Other Links

CVE-2025-23037 – WeGIA Stored Cross-Site Scripting (XSS) Vulnerability

New CVE Received by [email protected]

CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

Related Posts

CVE-2025-10304 – Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.3.8 – Missing Authorization to Unauthenticated Backup Failure

CVE-2025-12585 – MxChat – AI Chatbot for WordPress <= 2.5.5 – Unauthenticated Information Exposure

Useful Links

Other Links

New CVE Received
by [email protected]

CVE Modified
by 134c704f-9b21-4f2e-91b3-4a467353bcc0