PT-2025-28216 · Wegia · Wegia
Pedro-Lyrio · Published 2025-07-07 · Updated 2025-07-07 · CVE-2025-53526
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
WeGIA versions prior to 3.4.3
Description:
A Cross-Site Scripting (XSS) Injection issue was found in WeGIA, a web manager for charitable institutions. The vulnerability is located in the novo memorando.php file. When a memo is submitted, the injected script is executed in the browser upon loading the listar memorandos antigos.php page.
Recommendations:
For versions prior to 3.4.3, update to version 3.4.3 to resolve the issue. As a temporary workaround, consider restricting access to the novo memorando.php and listar memorandos antigos.php pages until the update is applied.
Affected Products
Wegia