CVE-2025-29782

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.17

Description: A Stored Cross-Site Scripting (XSS) issue was identified in the "adicionar tipo docs atendido.php" endpoint, allowing attackers to inject malicious scripts into the tipo parameter. These scripts are stored on the server and executed automatically when the affected page is accessed, posing a significant security risk.

Recommendations: For versions prior to 3.2.17, update to version 3.2.17 to resolve the issue. As a temporary workaround, consider restricting access to the "adicionar tipo docs atendido.php" endpoint until the update is applied. Avoid using the tipo parameter in the affected endpoint until the issue is resolved.