Reflected XSS Vulnerability in WeGIA Web Manager for Charitable Institutions
CVE-2025-22139
6.1MEDIUM
What is CVE-2025-22139?
A Reflected Cross-Site Scripting vulnerability was discovered in the WeGIA web manager, specifically in the configuracao_geral.php endpoint. This issue enables attackers to inject arbitrary JavaScript code in the msg_c parameter, potentially compromising user sessions or redirecting users to malicious sites. The vulnerability has been addressed in version 3.2.8 of the application, and immediate updates are recommended to ensure system integrity and user safety.