Reflected XSS Vulnerability in WeGIA Web Manager Impacting Portuguese Charitable Institutions
CVE-2025-54078
6.5MEDIUM
What is CVE-2025-54078?
WeGIA, an open source web management application designed for Portuguese-speaking charitable institutions, contains a reflected Cross-Site Scripting (XSS) vulnerability in its personalizacao_imagem.php endpoint. This flaw exists in versions prior to 3.4.6 and permits attackers to inject and execute harmful scripts by manipulating the err parameter. Users are strongly encouraged to upgrade to version 3.4.6 to mitigate this security risk.
Affected Version(s)
WeGIA < 3.4.6