CVE-2025-54078 – WeGIA Reflected Cross-Site Scripting (XSS)

July 18, 2025

CVE ID : CVE-2025-54078

Published : July 18, 2025, 4:15 p.m. | 1 hour, 3 minutes ago

Description : WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 in the `personalizacao_imagem.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `err` parameter. Version 3.4.6 fixes the issue.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-54079 – WeGIA SQL Injection Vulnerability

Next Article CVE-2025-7790 – D-Link DI-8100 HTTP Request Handler Stack-Based Buffer Overflow Vulnerability

Why Non-Native Content Designers Improve Global UX

DevOps won’t scale without platform engineering and here’s why your teams are still stuck

This week in AI dev tools: Slack’s enterprise search, Claude Code’s analytics dashboard, and more (July 18, 2025)

Report: 71% of tech leaders won’t hire devs without AI skills

Could OpenAI’s rumored browser be a Chrome-killer? Here’s what I’m expecting

My favorite lens and screen-cleaning kit keeps my tech spotless, and it only costs $8

AI’s biggest impact on your workforce is still to come – 3 ways to avoid getting left behind

Remedy offers update on ‘FBC: Firebreak,’ details coming improvements — “We’ve seen many players come into the game and leave within the first hour.”

The details of TC39’s last meeting

The details of TC39’s last meeting

Online Examination System using PHP and MySQL

A tricky, educational quiz: it’s about time..

CAD Sketcher – constraint-based geometry sketcher

CAD Sketcher – constraint-based geometry sketcher

7 Best Free and Open Source Linux FTP Servers

Best Free and Open Source Alternatives to Autodesk FBX Review

CVE-2025-54078 – WeGIA Reflected Cross-Site Scripting (XSS)

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

Sam Altman says people have a high degree of trust in ChatGPT, even though it hallucinates: “It should be the tech that you don’t trust that much”

NVIDIA TensorRT-LLM High-Severity Vulnerability Let Attackers Remote Code

HNS-2025-10 – HN Security Advisory – Local privilege escalation in Zyxel uOS

This Lenovo ThinkPad I tested breaks a decade-long design streak – and it looks fantastic

ByteDance Researchers Introduce DetailFlow: A 1D Coarse-to-Fine Autoregressive Framework for Faster, Token-Efficient Image Generation

Kingdom Come: Deliverance 2’s Patch 1.2.4 update just added a new Hardcore Mode, and I can’t wait to get my Bohemian butt kicked

CVE-2025-4563 – Kubernetes NodeRestriction Dynamic Resource Allocation Authorization Bypass

10 Best AI Tools for Sales

CVE-2025-54078 – WeGIA Reflected Cross-Site Scripting (XSS)

Related Posts