CVE-2025-22617

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.2.7

Description A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the editar socio.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the socio parameter. The application fails to validate and sanitize user inputs in the socio parameter, permitting the injection of malicious payloads, which are reflected back to the user's browser in the server's response and executed within the context of the victim's browser.

Recommendations For versions prior to 3.2.7, upgrade to version 3.2.7 to address the issue. As a temporary workaround, consider restricting access to the editar socio.php endpoint until the upgrade is applied. Additionally, avoid using the socio parameter in the affected endpoint until the issue is resolved.