Cross-site scripting in WeGIA - CVE-2025-53525

 


Published: April 30, 2026


Vulnerability identifier: #VU128692
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green
CVE-ID: CVE-2025-53525
CWE-ID: CWE-79
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: WeGIA
Software vendor: LabReDeS

Description

The vulnerability allows a remote attacker to execute arbitrary script in the victim's browser.

The vulnerability exists due to cross-site scripting (XSS) in the profile_familiar.php endpoint when handling the id_dependente parameter in GET requests. A remote attacker can send a specially crafted request to execute arbitrary script in the victim's browser.

User interaction is required for the crafted request to be processed in the victim's browser.
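To check whether the endpoint has been sent markup-bearing values, the following added example (not part of the advisory or of WeGIA's code) scans web server access logs for GET requests to profile_familiar.php whose id_dependente value is not a plain integer. It assumes common/combined log format and that a legitimate id_dependente is a decimal record id; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a common/combined log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
ENDPOINT = "profile_familiar.php"  # endpoint named in the advisory
PARAM = "id_dependente"            # parameter named in the advisory


def suspicious_values(line):
    """Return the id_dependente values in one log line that are not plain integers."""
    m = REQUEST_RE.search(line)
    if not m or m.group("method") != "GET":
        return []
    url = urlsplit(m.group("target"))
    if not url.path.endswith("/" + ENDPOINT):
        return []
    # parse_qs percent-decodes values; keep_blank_values keeps "id_dependente=" visible.
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
    # Assumption: a legitimate value is a decimal record id.
    return [v for v in values if not re.fullmatch(r"[0-9]+", v)]


def scan(lines):
    """Yield (line_number, decoded_value) for every non-numeric id_dependente seen."""
    for n, line in enumerate(lines, 1):
        for value in suspicious_values(line):
            yield n, value


# Constructed sample lines (documentation IP ranges, not from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [30/Apr/2026:10:00:01 +0000] '
    '"GET /profile_familiar.php?id_dependente=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [30/Apr/2026:10:00:09 +0000] '
    '"GET /profile_familiar.php?id_dependente=12%22%3E%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5161',
    '203.0.113.5 - - [30/Apr/2026:10:00:15 +0000] '
    '"GET /other.php?id_dependente=%3Cb%3E HTTP/1.1" 404 312',
    '198.51.100.7 - - [30/Apr/2026:10:00:21 +0000] '
    '"GET /profile_familiar.php?id_dependente=7&id_dependente=%3Ci%3E HTTP/1.1" 200 5140',
]

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: non-numeric {PARAM} value {value!r}")
```

Hits are leads for review rather than proof of exploitation: they show that a non-numeric value reached the endpoint, not that it was rendered in a victim's browser.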


Remediation

Install the security update from the vendor's website.
