Cross-site scripting in WeGIA - CVE-2025-30362

 


Published: March 27, 2025 / Updated: April 30, 2026


Vulnerability identifier: #VU128710
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green
CVE-ID: CVE-2025-30362
CWE-ID: CWE-79
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: LabReDeS
Affected software: WeGIA

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary script code in the victim's browser.

The vulnerability exists due to cross-site scripting in html/geral/documentos_funcionario.php when processing the id parameter. A remote attacker can submit specially crafted input that the application stores and later renders in a page, causing arbitrary script code to execute in the victim's browser.

User interaction is required to load the compromised page.


How to mitigate CVE-2025-30362

Install the security update from the vendor's website.
