CVE-2025-54078 – WeGIA Reflected Cross-Site Scripting (XSS)

July 18, 2025

CVE ID : CVE-2025-54078

Published : July 18, 2025, 4:15 p.m. | 1 hour, 3 minutes ago

Description : WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 in the `personalizacao_imagem.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `err` parameter. Version 3.4.6 fixes the issue.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-54079 – WeGIA SQL Injection Vulnerability

Next Article CVE-2025-7790 – D-Link DI-8100 HTTP Request Handler Stack-Based Buffer Overflow Vulnerability

Top 10 Use Cases of Vibe Coding in Large-Scale Node.js Applications

Cloudsmith launches ML Model Registry to provide a single source of truth for AI models and datasets

Kong Acquires OpenMeter to Unlock AI and API Monetization for the Agentic Era

Microsoft Graph CLI to be retired

‘Cronos: The New Dawn’ was by far my favorite experience at Gamescom 2025 — Bloober might have cooked an Xbox / PC horror masterpiece

ASUS built a desktop gaming PC around a mobile CPU — it’s an interesting, if flawed, idea

Hollow Knight: Silksong arrives on Xbox Game Pass this week — and Xbox’s September 1–7 lineup also packs in the horror. Here’s every new game.

The Xbox remaster that brought Gears to PlayStation just passed a huge milestone — “ending the console war” and proving the series still has serious pulling power

Magento (Adobe Commerce) or Optimizely Configured Commerce: Which One to Choose

Magento (Adobe Commerce) or Optimizely Configured Commerce: Which One to Choose

Updates from N|Solid Runtime: The Best Open-Source Node.js RT Just Got Better

Scale Your Business with AI-Powered Solutions Built for Singapore’s Digital Economy

‘Cronos: The New Dawn’ was by far my favorite experience at Gamescom 2025 — Bloober might have cooked an Xbox / PC horror masterpiece

‘Cronos: The New Dawn’ was by far my favorite experience at Gamescom 2025 — Bloober might have cooked an Xbox / PC horror masterpiece

ASUS built a desktop gaming PC around a mobile CPU — it’s an interesting, if flawed, idea

Hollow Knight: Silksong arrives on Xbox Game Pass this week — and Xbox’s September 1–7 lineup also packs in the horror. Here’s every new game.

CVE-2025-54078 – WeGIA Reflected Cross-Site Scripting (XSS)

CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation

Pennsylvania Attorney General’s Office Recovers from Ransomware Attack

AI Is Flipping UX Upside Down

Designing the new Airbnb app

Practice, a book on design and craft by Figma

CVE-2025-7751 – Code-projects Online Appointment Booking System SQL Injection Vulnerability

CVE-2025-50585 – StudentManage SQL Injection Vulnerability

CVE-2025-5169 – Assimp MDLImporter Out-of-Bounds Read Vulnerability

35 Best Windows 11 Themes to Download for Free

Hollow Knight: Silksong will be PLAYABLE at Gamescom — among the big new titles hitting the Xbox booth

CVE-2025-54078 – WeGIA Reflected Cross-Site Scripting (XSS)

Related Posts