Reflected Cross-Site Scripting Vulnerability in WeGIA Web Manager
CVE-2025-62598

6.9MEDIUM

Key Information:

Vendor: Labredescefetrj
Status: Wegia
Vendor: CVE Published:; 21 October 2025

🔔 Create Labredescefetrj Vulnerability Alert

What is CVE-2025-62598?

WeGIA, an open-source web management platform tailored for Portuguese-speaking users, has been found to contain a reflected cross-site scripting vulnerability in the editar_info_pessoal.php endpoint. This flaw, identified before the release of version 3.5.1, permits attackers to inject malicious scripts through the 'action' parameter. The affected endpoint is accessible via a GET request to /WeGIA/html/pessoa/editar_info_pessoal.php?action=1. Users are advised to upgrade to version 3.5.1 or later to mitigate this security risk.

Affected Version(s)

WeGIA < 3.5.1

References

https://github.com/LabRedesCefetRJ/WeGIA/security/advisor...

x_refsource_CONFIRM

https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.5.1

x_refsource_MISC

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 21, 2025
Vulnerability Reserved
Oct 16, 2025

JSON