CVE-2025-23034

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.2.6

Description A Reflected Cross-Site Scripting (XSS) issue was identified in the tags.php endpoint of the WeGIA application. This issue allows attackers to inject malicious scripts in the msg e parameter due to the application's failure to validate and sanitize user inputs. The lack of validation permits the injection of malicious payloads, which are reflected back to the user's browser in the server's response and executed within the context of the victim's browser.

Recommendations For versions prior to 3.2.6, upgrade to version 3.2.6 or later to address the issue. As a temporary workaround, consider restricting access to the tags.php endpoint until the upgrade is applied. Additionally, avoid using the msg e parameter in the affected endpoint until the issue is resolved.