Reflected XSS Vulnerability in WeGIA Web Manager
CVE-2025-62597

6.9MEDIUM

Key Information:

Vendor

Labredescefetrj

Status
Wegia
Vendor
CVE Published:
21 October 2025

What is CVE-2025-62597?

WeGIA, an open-source Web Manager tailored for Portuguese language users, harbors a reflected cross-site scripting (XSS) vulnerability discovered in the editar_info_pessoal.php endpoint. This flaw enables attackers to craft requests that inject harmful scripts into the application via the sql parameter. The vulnerable endpoint is specifically accessed at /WeGIA/html/pessoa/editar_info_pessoal.php?sql=1, posing significant security risks to users. This issue was promptly addressed in version 3.5.1, highlighting the importance of software update practices.

Affected Version(s)

WeGIA < 3.5.1

References

https://github.com/LabRedesCefetRJ/WeGIA/security/advisor...
x_refsource_CONFIRM
https://github.com/LabRedesCefetRJ/WeGIA/commit/e41395fe6...
x_refsource_MISC
https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.5.1
x_refsource_MISC

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-62597 : Reflected XSS Vulnerability in WeGIA Web Manager