CVE-2025-57765

6.5 MEDIUM

📋 TL;DR

A reflected cross-site scripting (XSS) vulnerability in WeGIA's pre_cadastro_adotante.php endpoint allows attackers to inject malicious scripts via the msg_e parameter. This affects all WeGIA installations prior to version 3.4.7, potentially compromising user sessions and data. Charitable institutions using vulnerable versions are at risk.

💻 Affected Systems

Products:
  • WeGIA
Versions: All versions prior to 3.4.7
Operating Systems: Any OS running WeGIA
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of WeGIA prior to 3.4.7 are vulnerable if the pre_cadastro_adotante.php endpoint is accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, redirect users to malicious sites, perform actions on behalf of authenticated users, or deface the application.

🟠 Likely Case

Session hijacking leading to unauthorized access to sensitive donor/adoptee information and potential data theft.

🟢 If Mitigated

Limited impact with proper input validation and output encoding, though some risk remains if user input is reflected without sanitization.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (clicking a malicious link) and knowledge of the vulnerable parameter.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.4.7

Vendor Advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-39r5-c63f-99mx

Restart Required: No

Instructions:

1. Back up the current installation.
2. Download WeGIA 3.4.7 from the official repository.
3. Replace the vulnerable files with the patched version.
4. Verify the fix by testing the msg_e parameter.

🔧 Temporary Workarounds

Input Validation Filter

Implement server-side output encoding so the msg_e parameter cannot be reflected as markup.

Add output encoding in pre_cadastro_adotante.php before the value is echoed into the page: $msg_e = htmlspecialchars($_GET['msg_e'], ENT_QUOTES, 'UTF-8'); This is sufficient when the value is written into HTML text or a quoted attribute; it does not protect a value placed inside a <script> block or an unquoted attribute, which need context-specific encoding.

🧯 If You Can't Patch

  • Implement WAF rules to block XSS payloads in the msg_e parameter
  • Disable or restrict access to the pre_cadastro_adotante.php endpoint if not required

🔍 How to Verify

Check if Vulnerable:

Test the pre_cadastro_adotante.php endpoint with payload: ?msg_e=<script>alert('XSS')</script>

Check Version:

Check WeGIA version in admin panel or read version file if available

Verify Fix Applied:

Send the same payload after patching; the script should be rendered as encoded text and must not execute.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing script tags or JavaScript in msg_e parameter
  • Unusual length or encoding in msg_e parameter values

Network Indicators:

  • HTTP GET requests to pre_cadastro_adotante.php with suspicious msg_e values

SIEM Query:

source="web_logs" AND uri="*pre_cadastro_adotante.php*" AND (msg_e="*<script>*" OR msg_e="*javascript:*")
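Added example (not part of the advisory or of the WeGIA project): a Python scanner that applies the log indicators above to constructed access-log lines. It goes one step beyond the SIEM query by URL-decoding msg_e before matching, so percent-encoded and double-encoded script tags that a literal *<script>* pattern would miss are still flagged; the log format, client IPs, sample values and the 200-character length threshold are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "pre_cadastro_adotante.php"
PARAM = "msg_e"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
SCRIPT_RE = re.compile(r"<\s*/?\s*script", re.I)
JS_URI_RE = re.compile(r"javascript\s*:", re.I)
ENCODED_RE = re.compile(r"%[0-9a-f]{2}", re.I)
# Constructed sample lines in common log format; not taken from a real WeGIA deployment.
SAMPLE_LOGS = [
    '203.0.113.10 - - [01/Sep/2025:10:00:01 +0000] "GET /pre_cadastro_adotante.php?msg_e=Campo+obrigatorio HTTP/1.1" 200 512',
    '203.0.113.11 - - [01/Sep/2025:10:00:02 +0000] "GET /pre_cadastro_adotante.php?msg_e=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 640',
    '203.0.113.12 - - [01/Sep/2025:10:00:03 +0000] "GET /pre_cadastro_adotante.php?msg_e=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 640',
    '203.0.113.13 - - [01/Sep/2025:10:00:04 +0000] "GET /pre_cadastro_adotante.php?msg_e=javascript%3Aalert(1) HTTP/1.1" 200 640',
    '203.0.113.14 - - [01/Sep/2025:10:00:05 +0000] "GET /pre_cadastro_adotante.php?msg_e=' + "A" * 250 + ' HTTP/1.1" 200 640',
    '203.0.113.15 - - [01/Sep/2025:10:00:06 +0000] "GET /outra_pagina.php?msg_e=%3Cscript%3E HTTP/1.1" 200 300',
]

def fully_decode(value, rounds=3):
    """Strip up to `rounds` leftover layers of percent-encoding; return (text, layers removed)."""
    layers = 0
    while layers < rounds and ENCODED_RE.search(value):
        value, layers = unquote(value), layers + 1
    return value, layers

def msg_e_indicators(value):
    """Indicator names for one msg_e value (already decoded once by the query parser)."""
    decoded, layers = fully_decode(value)
    checks = [
        ("script_tag", SCRIPT_RE.search(decoded) is not None),
        ("javascript_uri", JS_URI_RE.search(decoded) is not None),
        ("long_value", len(value) > 200),  # assumed threshold; tune per deployment
        ("double_encoded", layers > 0),    # still percent-encoded after the server's own decode
    ]
    return [name for name, hit in checks if hit]

def scan_log(lines):
    """Return [(client_ip, indicators)] for endpoint requests whose msg_e trips an indicator."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        url = urlsplit(m.group("target")) if m else None
        if url is None or not url.path.endswith(ENDPOINT):
            continue
        for value in parse_qs(url.query).get(PARAM, []):
            reasons = msg_e_indicators(value)
            if reasons:
                hits.append((line.split(" ", 1)[0], reasons))
    return hits
```

Requests to other pages are ignored, and a benign msg_e such as a validation message produces no hit, which keeps the alert volume tied to the vulnerable endpoint.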
