CVE-2025-53935 – WeGIA Reflected Cross-Site Scripting (XSS)

July 16, 2025

CVE ID : CVE-2025-53935

Published : July 16, 2025, 4:15 p.m. | 2 hours, 28 minutes ago

Description : WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `personalizacao_selecao.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts in the `id` parameter. Version 3.4.5 fixes the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-53934 – WeGIA Stored Cross-Site Scripting (XSS) Vulnerability

Next Article CVE-2025-53929 – WeGIA Stored Cross-Site Scripting Vulnerability

Report: 71% of tech leaders won’t hire devs without AI skills

Slack’s AI search now works across an organization’s entire knowledge base

In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

Steam takes down tons of porn games, cracks down on “certain kinds of adult-only content” — here’s why, and its new policy

Oblivion Remastered and Metal Gear Solid Delta co-developer Virtuos faces layoffs — with 270 workers cut

The details of TC39’s last meeting

The details of TC39’s last meeting

Notes Android App Using SQLite

How to Get Security Patches for Legacy Unsupported Node.js Versions

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

Steam takes down tons of porn games, cracks down on “certain kinds of adult-only content” — here’s why, and its new policy

CVE-2025-53935 – WeGIA Reflected Cross-Site Scripting (XSS)

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

Rilasciata ONLYOFFICE DocSpace 3.1: con circa 40 novità e miglioramenti in tutta la piattaforma

Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner

The second annual Triple-I Initiative Showcase featured more than 40 indie games — Here’s every title showcased for Xbox and PC

Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits

Google Researchers Introduce LightLab: A Diffusion-Based AI Method for Physically Plausible, Fine-Grained Light Control in Single Images

CVE-2025-46707 – VMware ESXi Firmware Privilege Escalation

CVE-2025-35975 – MicroDicom DICOM Viewer Out-of-Bounds Write RCE

CVE-2025-49130 – Laravel Translation Manager Stored Cross-Site Scripting Vulnerability

CVE-2025-53935 – WeGIA Reflected Cross-Site Scripting (XSS)

Related Posts