CVE-2025-23030

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.2.6

Description A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the cadastro funcionario.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the cpf parameter. The application fails to validate and sanitize user inputs in the cpf parameter, permitting the injection of malicious payloads, which are reflected back to the user's browser in the server's response and executed within the context of the victim's browser.

Recommendations For versions prior to 3.2.6, upgrade to version 3.2.6 or later to address the issue. As a temporary workaround, consider restricting access to the cadastro funcionario.php endpoint until the upgrade is possible. Additionally, avoid using the cpf parameter in the affected endpoint until the issue is resolved.