CVE-2025-22619

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.2.6

Description A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the editar permissoes.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg c parameter. The application fails to validate and sanitize user inputs in the msg c parameter, permitting the injection of malicious payloads, which are reflected back to the user's browser in the server's response and executed within the context of the victim's browser.

Recommendations For WeGIA versions prior to 3.2.6, upgrade to version 3.2.6 or later to address the vulnerability. As a temporary workaround, consider restricting access to the editar permissoes.php endpoint until the issue is resolved. Avoid using the msg c parameter in the affected endpoint until the issue is resolved.