Reflected XSS Vulnerability in WeGIA Web Manager by LabRedesCefetRJ
CVE-2025-62359

5.3MEDIUM

Key Information:

Vendor

Labredescefetrj

Status
Wegia
Vendor
CVE Published:
13 October 2025

What is CVE-2025-62359?

WeGIA, an open-source web management tool tailored for Portuguese-speaking users, contains a reflected cross-site scripting (XSS) vulnerability in the /pet/profile_pet.php?id_pet= endpoint. Prior to version 3.5.0, this flaw allows malicious actors to inject harmful scripts via the 'id_pet' parameter, posing significant risks to users and their data. Users are advised to update to version 3.5.0 or later to mitigate the risk associated with this vulnerability.

Affected Version(s)

WeGIA < 3.5.0

References

https://github.com/LabRedesCefetRJ/WeGIA/security/advisor...
x_refsource_CONFIRM
https://github.com/LabRedesCefetRJ/WeGIA/issues/257
x_refsource_MISC
https://github.com/LabRedesCefetRJ/WeGIA/commit/176733543...
x_refsource_MISC

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-62359 : Reflected XSS Vulnerability in WeGIA Web Manager by LabRedesCefetRJ