Reflected Cross-Site Scripting in WeGIA Open Source Web Manager for Institutions
CVE-2025-62358

5.4MEDIUM

Key Information:

Vendor: Labredescefetrj
Status: Wegia
Vendor: CVE Published:; 13 October 2025

🔔 Create Labredescefetrj Vulnerability Alert

What is CVE-2025-62358?

WeGIA, an open source Web Manager tailored for Portuguese-speaking users, has a vulnerability in its log parameter within configuracao_geral.php that allows for Reflected Cross-Site Scripting (XSS). This security issue permits attackers to inject and execute arbitrary JavaScript code in the context of the victim's browser. The vulnerability was addressed in version 3.5.1 of WeGIA, enhancing its security against such attacks.

Affected Version(s)

WeGIA < 3.5.1

References

https://github.com/LabRedesCefetRJ/WeGIA/security/advisor...

x_refsource_CONFIRM

https://github.com/LabRedesCefetRJ/WeGIA/commit/eddb9b134...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 13, 2025
Vulnerability Reserved
Oct 10, 2025

JSON