CVE-2025-67496

Name of the Vulnerable Software and Affected Versions WeGIA versions 3.5.4 and below

Description WeGIA, an open source Web Manager for Institutions, is affected by a Stored Cross-Site Scripting (XSS) issue. The application fails to sanitize user-controlled data before rendering it within the employee selection dropdown. Employee names are retrieved from the database and directly injected into HTML <option> elements without proper escaping. The vulnerability exists in the /WeGIA/html/geral/configurar senhas.php endpoint.

Recommendations Update to version 3.5.5 or later.