CVE-2025-23036

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.2.7

Description A Reflected Cross-Site Scripting (XSS) issue was identified in the "pre cadastro funcionario.php" endpoint of the WeGIA application. This issue allows attackers to inject malicious scripts in the msg e parameter due to the application's failure to validate and sanitize user inputs. The lack of validation permits the injection of malicious payloads, which are reflected back to the user's browser in the server's response and executed within the context of the victim's browser.

Recommendations For versions prior to 3.2.7, upgrade to version 3.2.7 to address the issue. As a temporary workaround, consider restricting access to the pre cadastro funcionario.php endpoint until the upgrade is applied. Avoid using the msg e parameter in the affected endpoint until the issue is resolved.