CVE-2025-53936 – WeGIA Reflected Cross-Site Scripting (XSS)

July 16, 2025

CVE ID : CVE-2025-53936

Published : July 16, 2025, 4:15 p.m. | 2 hours, 28 minutes ago

Description : WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `personalizacao_selecao.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts in the `nome_car` parameter. Version 3.4.5 fixes the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-53930 – WeGIA Stored Cross-Site Scripting (XSS) Vulnerability

Next Article CVE-2025-53934 – WeGIA Stored Cross-Site Scripting (XSS) Vulnerability

Highlights

CVE-2025-7161 – PHPGurukul Zoo Management System SQL Injection Vulnerability

July 8, 2025

CVE ID : CVE-2025-7161

Published : July 8, 2025, 4:15 a.m. | 2 hours, 35 minutes ago

Description : A vulnerability classified as critical was found in PHPGurukul Zoo Management System 2.1. This vulnerability affects unknown code of the file /admin/add-normal-ticket.php. The manipulation of the argument cprice leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Report: 71% of tech leaders won’t hire devs without AI skills

Slack’s AI search now works across an organization’s entire knowledge base

In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Too many open browser tabs? This is still my favorite solution – and has been for years

This new browser won’t monetize your every move – how to try it

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

The details of TC39’s last meeting

The details of TC39’s last meeting

Reclaim Space: Delete Docker Orphan Layers

Notes Android App Using SQLite

KeySmith – SSH key management

KeySmith – SSH key management

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

CVE-2025-53936 – WeGIA Reflected Cross-Site Scripting (XSS)

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

CVE-2025-5608 – Tenda AC18 Buffer Overflow Vulnerability

slop queries for a selection from the user and prints the region to stdout

The Elder Scrolls 4: Oblivion Remastered buying guide — Which version of the game is right for you?

These earbuds sold me on the open-ear form factor (and sound great for the price)

CVE-2025-7161 – PHPGurukul Zoo Management System SQL Injection Vulnerability

Chaos Testing Explained

CVE-2025-46222 – Apache HTTP Server Authentication Bypass

Smashing Security podcast #412: Signalgate sucks, and the quandary of quishing

CVE-2025-53936 – WeGIA Reflected Cross-Site Scripting (XSS)

Related Posts