CVE-2025-27417

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.2.16

Description A Stored Cross-Site Scripting (XSS) issue was identified in the "adicionar status atendido.php" endpoint, allowing attackers to inject malicious scripts into the status parameter. These scripts are stored on the server and executed when the affected page is accessed, posing a significant security risk.

Recommendations For versions prior to 3.2.16, update to version 3.2.16 to resolve the issue. As a temporary workaround, consider restricting access to the "adicionar status atendido.php" endpoint to minimize the risk of exploitation. Avoid using the status parameter in the affected endpoint until the issue is resolved.