CVE-2025-23037

5.4 MEDIUM

📋 TL;DR

A stored cross-site scripting (XSS) vulnerability in WeGIA's control.php endpoint allows attackers to inject malicious scripts via the cargo parameter. These scripts are stored on the server and automatically execute when users access the affected page, potentially compromising user data and systems. All WeGIA users running vulnerable versions are affected.

💻 Affected Systems

Products:
  • WeGIA
Versions: All versions before 3.2.6
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation when the control.php endpoint is accessible.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers steal session cookies, credentials, and sensitive data from all users accessing the vulnerable page, potentially leading to full account takeover and data exfiltration.

🟠

Likely Case

Attackers inject malicious scripts that steal user session cookies or credentials, compromising individual user accounts and potentially spreading to other parts of the application.

🟢

If Mitigated

With proper input validation and output encoding, malicious scripts are neutralized before execution, preventing any exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Stored XSS vulnerabilities are commonly exploited, though specific exploit details for this CVE are not publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.6

Vendor Advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-rjjp-w2wm-7f9j

Restart Required: Yes

Instructions:

1. Backup your current WeGIA installation and database.
2. Download WeGIA version 3.2.6 from the official repository.
3. Replace the vulnerable files with the patched version.
4. Restart the web server service.
5. Verify the fix by testing the control.php endpoint.

🧯 If You Can't Patch

  • Implement a web application firewall (WAF) with XSS protection rules to block malicious payloads.
  • Disable or restrict access to the control.php endpoint if it's not essential for your operations.

🔍 How to Verify

Check if Vulnerable:

Check if your WeGIA version is below 3.2.6 by examining the application version in the admin panel or configuration files.

Check Version:

Check the WeGIA configuration files or admin interface for version information.

Verify Fix Applied:

After upgrading to version 3.2.6, test the control.php endpoint with XSS payloads to ensure they are properly sanitized and do not execute.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to control.php with script tags or JavaScript in the cargo parameter
  • Multiple failed XSS attempts in web server logs

Network Indicators:

  • HTTP requests containing script tags or JavaScript payloads in the cargo parameter

SIEM Query:

source="web_server_logs" AND uri="/control.php" AND (cargo CONTAINS "<script>" OR cargo CONTAINS "javascript:")
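The log indicators and SIEM query above match literal "<script>" text, which misses the URL-encoded form in which a browser actually submits a form field (%3Cscript%3E). The following is an added example, not part of this advisory and not WeGIA code: a small Python detector run over constructed log lines. It assumes a log format in which the form parameters of each request are recorded (a plain access log does not contain POST bodies, so this would come from a WAF or application-level log); the line format, the sample IPs and the payload strings are all constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Constructed sample log lines (not real WeGIA or web-server output).
# Assumed format: <client-ip> <method> <path> "<form/query string>" <status>
SAMPLE_LOG = """\
10.0.0.5 POST /control.php "cargo=Gerente&nome=Ana" 200
10.0.0.7 POST /control.php "cargo=%3Cscript%3Ealert(1)%3C%2Fscript%3E" 200
10.0.0.8 POST /control.php "cargo=JAVASCRIPT%3Aalert(1)" 200
10.0.0.9 GET /index.php "page=home" 200
10.0.0.9 POST /control.php "cargo=Analista&descricao=%3Cb%3Eok%3C%2Fb%3E" 200
10.0.0.11 POST /control.php "cargo=%253Cscript%253E" 200
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) "([^"]*)" (\d{3})$')
# Markers taken from the advisory's log indicators: script tags and javascript: URLs.
XSS_MARKERS = re.compile(r'<\s*script|javascript\s*:', re.IGNORECASE)
TARGET_PATH = "/control.php"   # endpoint named in the advisory
TARGET_PARAM = "cargo"         # parameter named in the advisory


def parse_line(line):
    """Split one log line into its fields; return None for lines that don't match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ip, method, path, params, status = m.groups()
    return {"ip": ip, "method": method, "path": path,
            "params": params, "status": int(status)}


def decoded_values(params):
    """Yield (name, value) pairs with URL encoding removed.

    parse_qs decodes once; a second unquote_plus pass catches double-encoded
    payloads (%253C -> %3C -> <) that a literal substring match would miss.
    """
    for name, values in parse_qs(params, keep_blank_values=True).items():
        for v in values:
            yield name, unquote_plus(v)


def find_suspicious(log_text):
    """Return requests to control.php whose decoded cargo value carries an XSS marker."""
    hits = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["path"] != TARGET_PATH:
            continue
        for name, value in decoded_values(rec["params"]):
            if name == TARGET_PARAM and XSS_MARKERS.search(value):
                hits.append({"ip": rec["ip"], "method": rec["method"],
                             "param": name, "value": value})
    return hits


def count_by_ip(hits):
    """Aggregate hits per client address, the 'multiple attempts' indicator."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    for h in find_suspicious(SAMPLE_LOG):
        print(f"{h['ip']} {h['method']} {h['param']}={h['value']!r}")
    print(count_by_ip(find_suspicious(SAMPLE_LOG)))
```

The benign line with a bold tag in a different parameter is not flagged, which keeps the rule scoped to the indicator the advisory describes; widening `XSS_MARKERS` or dropping the `TARGET_PARAM` check trades that precision for broader coverage. Decoding before matching is the part worth carrying into whatever SIEM rule you actually deploy.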
