Volerion logoVolerion
Volerion logoVolerion

WeGIA Stored Cross-Site Scripting Vulnerability in Memo Management Module

Vulnerability

A stored cross-site scripting (XSS) vulnerability has been identified in WeGIA, a web management tool for charitable institutions, specifically within the memo creation module. This issue affects versions through 3.4.2. The vulnerability allows an attacker to inject a script payload, which is then executed in the browser when the old memos listing page is accessed. The injected script execution is confirmed by a warning pop-up alerting the presence of the XSS payload.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected page, potentially leading to session hijacking or other malicious actions.

Reproduction

To reproduce this vulnerability, navigate to the memo creation page and inject a script payload into the text field. After submitting the memo, the injected script will be executed when the old memos listing page is accessed.

Remediation

Users can update to WeGIA version 3.4.3 to address this vulnerability.

Added: Jul 7, 2025, 5:48 PM
Updated: Jul 7, 2025, 5:48 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
1.7
exploitability
5.8
remediation
7.7
relevance
0.2
threat
6.4
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.