PT-2025-32895 · Wegia · Wegia

Ducluongtran9121 +1 · Published 2025-08-12 · Updated 2025-08-13 · CVE-2025-55170

CVSS v3.1: 7.4 High
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.8
Description: WeGIA is a web manager with a focus on the Portuguese language and charitable institutions. A reflected cross-site scripting (XSS) vulnerability exists in the /html/alterar_senha.php API endpoint. Attackers can inject malicious scripts through the verificacao and redir_config parameters.
Recommendations: Update to version 3.4.8 or later.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-55170
GHSA-77HC-C8F4-P3HC

Affected Products

Wegia