{"vulnerability": "GHSA-H8HR-JHCX-FCV9", "sightings": [{"uuid": "45d63f88-4c0f-468b-8cf8-6c0c0d2697fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-h8hr-jhcx-fcv9", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113789358194226275", "content": "", "creation_timestamp": "2025-01-07T22:10:14.763766Z"}, {"uuid": "3c89dd8a-9c64-4ff3-aee2-fe404ac4e37a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-H8HR-JHCX-FCV9", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/587", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22132\n\ud83d\udd39 Description: WeGIA is a web manager for charitable institutions. A Cross-Site Scripting (XSS) vulnerability was identified in the file upload functionality of the WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint. By uploading a file containing malicious JavaScript code, an attacker can execute arbitrary scripts in the context of a victim's browser. This can lead to information theft, session hijacking, and other forms of client-side exploitation. This vulnerability is fixed in 3.2.7.\n\ud83d\udccf Published: 2025-01-07T22:04:41.805Z\n\ud83d\udccf Modified: 2025-01-07T22:04:41.805Z\n\ud83d\udd17 References:\n1. https://github.com/nilsonLazarin/WeGIA/security/advisories/GHSA-h8hr-jhcx-fcv9\n2. https://github.com/nilsonLazarin/WeGIA/commit/330f641db43cfb0c8ea8bb6025cc0732de4d4d6b", "creation_timestamp": "2025-01-07T22:37:05.000000Z"}]}