Reflected XSS Vulnerability in WeGIA Web Manager for Portuguese Charities
CVE-2025-23034
6.1MEDIUM
Summary
A reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WeGIA application, specifically within the 'tags.php' endpoint. This flaw arises from the application's failure to adequately validate and sanitize user inputs in the 'msg_e' parameter. Consequently, attackers can inject harmful scripts that are reflected back to the user's browser, posing significant security risks by executing malicious payloads in the context of the victim's session. Users are strongly encouraged to upgrade to version 3.2.6 to mitigate this risk, as no effective workarounds currently exist.
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published