{ "affected": [ { "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "eb31ff7e33e00fbbf8c732872f69046ec5922498" } ], "repo": "https://github.com/labredescefetrj/wegia", "type": "GIT" } ] } ], "aliases": [ "GHSA-77hc-c8f4-p3hc" ], "database_specific": { "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-79" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/55xxx/CVE-2025-55170.json" }, "details": "WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a reflected cross-site scripting (XSS) vulnerability was identified in the /html/alterar_senha.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the verificacao and redir_config parameter. This issue has been patched in version 3.4.8.", "id": "CVE-2025-55170", "modified": "2026-04-01T23:07:54.818172347Z", "published": "2025-08-12T20:12:33.796Z", "references": [ { "type": "ADVISORY", "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/55xxx/CVE-2025-55170.json" }, { "type": "ADVISORY", "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-77hc-c8f4-p3hc" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55170" }, { "type": "REPORT", "url": "https://github.com/LabRedesCefetRJ/WeGIA/issues/141" }, { "type": "FIX", "url": "https://github.com/LabRedesCefetRJ/WeGIA/commit/c2bd4121a2b2a076c9f2ef0bdbb46231389993c8" } ], "schema_version": "1.7.3", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "type": "CVSS_V3" } ], "summary": "WeGIA reflected XSS via `verificacao` and `redir_config` param at endpoint `/html/alterar_senha.php`" }