CVE-2025-57763

6.1 MEDIUM

📋 TL;DR

WeGIA versions before 3.4.7 contain a reflected cross-site scripting vulnerability in the insere_despacho.php endpoint that allows attackers to inject malicious scripts via the cpf parameter. This affects all users of vulnerable WeGIA installations, potentially allowing session hijacking, credential theft, or defacement. The vulnerability is fixed in version 3.4.7.

💻 Affected Systems

Products:
  • WeGIA
Versions: All versions prior to 3.4.7
Operating Systems: Any OS running WeGIA
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of WeGIA before 3.4.7 are vulnerable if the insere_despacho.php endpoint is accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator credentials, hijack user sessions, redirect users to malicious sites, or deface the application interface.

🟠 Likely Case

Attackers could steal session cookies or perform limited client-side attacks against users who click malicious links.

🟢 If Mitigated

With proper input validation and output encoding, the impact is minimal as scripts would be properly sanitized.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (clicking malicious link) and knowledge of the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.4.7

Vendor Advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-67w3-jf96-f754

Restart Required: No

Instructions:

1. Backup current installation.
2. Download WeGIA 3.4.7 from official repository.
3. Replace vulnerable files with patched version.
4. Verify installation works correctly.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement server-side input validation for the cpf parameter in insere_despacho.php, and sanitize the value before it is processed.

WAF Rule

all

Deploy web application firewall rules that detect and block XSS payloads, such as script tags and JavaScript, in the cpf parameter.

🧯 If You Can't Patch

  • Restrict access to insere_despacho.php endpoint using firewall rules or access controls
  • Implement Content Security Policy headers to mitigate XSS impact

🔍 How to Verify

Check if Vulnerable:

Test the insere_despacho.php endpoint with XSS payloads in the cpf parameter and check if scripts execute

Check Version:

Check WeGIA version in application interface or configuration files

Verify Fix Applied:

Test the same XSS payloads after patching to confirm they are properly sanitized

📡 Detection & Monitoring

Log Indicators:

  • Unusual requests to insere_despacho.php with script tags or JavaScript in parameters
  • Multiple failed XSS attempts in web logs

Network Indicators:

  • HTTP requests containing script tags or JavaScript in cpf parameter
  • Unusual traffic patterns to the vulnerable endpoint

SIEM Query:

source="web_logs" AND uri="*insere_despacho.php*" AND (param="*<script>*" OR param="*javascript:*")
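
The query above matches literal strings only, so percent-encoded values pass it. The following added example (not code from the advisory or from WeGIA) decodes the query string of each access-log request to insere_despacho.php and flags any cpf value that is not a plain CPF number. It assumes Combined Log Format, that cpf arrives in the query string, and that a legitimate value is 11 digits with optional "." and "-" separators; the log lines and the URL directory are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate cpf value is a Brazilian CPF number,
# 11 digits with optional "." and "-" separators (e.g. 123.456.789-09).
CPF_OK = re.compile(r"\d{3}\.?\d{3}\.?\d{3}-?\d{2}")

# Request field of a Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; addresses are documentation ranges and
# "/placeholder/" stands in for the real install path.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Sep/2025:10:00:01 +0000] "GET /placeholder/insere_despacho.php?cpf=123.456.789-09 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Sep/2025:10:00:05 +0000] "GET /placeholder/insere_despacho.php?cpf=12345678909 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Sep/2025:10:01:12 +0000] "GET /placeholder/insere_despacho.php?cpf=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 498',
    '203.0.113.5 - - [01/Sep/2025:10:02:40 +0000] "GET /placeholder/insere_despacho.php?cpf=%253Cscript%253E HTTP/1.1" 200 470',
    '192.0.2.12 - - [01/Sep/2025:10:03:00 +0000] "GET /placeholder/other.php?cpf=%3Cscript%3E HTTP/1.1" 404 120',
]


def suspicious_cpf_requests(lines):
    """Return (client_ip, decoded_cpf) for each request to
    insere_despacho.php whose cpf value is not a plain CPF number."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.lower().endswith("/insere_despacho.php"):
            continue
        # parse_qs percent-decodes once, so %3Cscript%3E becomes <script>.
        # Double-encoded input stays partly encoded and still fails the
        # allowlist, which a literal-string match would miss.
        for value in parse_qs(target.query).get("cpf", []):
            if not CPF_OK.fullmatch(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_cpf_requests(SAMPLE_LOG):
        print(f"{ip}\tcpf={value!r}")
```

Access logs do not record POST bodies, so this covers only cpf values sent in the URL.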
