{"id":"CVE-2025-22132","summary":"WeGIA has a Cross-Site Scripting (XSS) in File Upload Field","details":"WeGIA is a web manager for charitable institutions. A Cross-Site Scripting (XSS) vulnerability was identified in the file upload functionality of the WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint. By uploading a file containing malicious JavaScript code, an attacker can execute arbitrary scripts in the context of a victim's browser. This can lead to information theft, session hijacking, and other forms of client-side exploitation. This vulnerability is fixed in 3.2.7.","aliases":["GHSA-h8hr-jhcx-fcv9"],"modified":"2026-04-16T04:14:04.844134Z","published":"2025-01-07T22:04:41.805Z","database_specific":{"cwe_ids":["CWE-434","CWE-79"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/22xxx/CVE-2025-22132.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/22xxx/CVE-2025-22132.json"},{"type":"ADVISORY","url":"https://github.com/nilsonLazarin/WeGIA/security/advisories/GHSA-h8hr-jhcx-fcv9"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-22132"},{"type":"FIX","url":"https://github.com/nilsonLazarin/WeGIA/commit/330f641db43cfb0c8ea8bb6025cc0732de4d4d6b"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/labredescefetrj/wegia","events":[{"introduced":"0"},{"fixed":"21176917cd63e0bf7c55676a0b090a954b718753"}]}],"versions":["0.9.4-beta","v1.0","v2.0","v2.0-beta","v3.1","v3.2.0","v3.2.6"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-22132.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L"}]}