Reflected XSS Vulnerability in WeGIA Web Manager for Portuguese Charities

CVE-2025-23034

Summary

A reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WeGIA application, specifically within the 'tags.php' endpoint. This flaw arises from the application's failure to adequately validate and sanitize user inputs in the 'msg_e' parameter. Consequently, attackers can inject harmful scripts that are reflected back to the user's browser, posing significant security risks by executing malicious payloads in the context of the victim's session. Users are strongly encouraged to upgrade to version 3.2.6 to mitigate this risk, as no effective workarounds currently exist.

References