CVE-2025-53822: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in LabRedesCefetRJ WeGIA
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `relatorio_geracao.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts in the `tipo_relatorio` parameter. Version 3.4.5 has a patch for the issue.
AI Analysis
Technical Summary
CVE-2025-53822 is a Reflected Cross-Site Scripting (XSS) vulnerability identified in the WeGIA web management application developed by LabRedesCefetRJ. WeGIA is an open-source platform primarily targeting Portuguese-speaking charitable institutions, facilitating web management tasks. The vulnerability exists in the `relatorio_geracao.php` endpoint, specifically in the handling of the `tipo_relatorio` parameter. Prior to version 3.4.5, this parameter is improperly sanitized, allowing attackers to inject malicious JavaScript code that is reflected back in the HTTP response. This type of XSS attack can be exploited by tricking users into clicking crafted URLs or submitting manipulated requests, leading to the execution of arbitrary scripts in the context of the victim's browser session. The vulnerability does not require authentication but does require user interaction (clicking a malicious link). The CVSS 3.1 base score is 6.5 (medium severity), reflecting a network attack vector with low complexity, no privileges required, user interaction needed, and high impact on confidentiality but no impact on integrity or availability. The vulnerability was patched in WeGIA version 3.4.5, which properly neutralizes input in the vulnerable parameter to prevent script injection. No known exploits have been reported in the wild as of the publication date (July 14, 2025).
Potential Impact
For European organizations, especially those operating charitable or non-profit institutions that use WeGIA or similar localized management platforms, this vulnerability poses a risk of session hijacking, theft of sensitive information, or unauthorized actions performed on behalf of users. Since WeGIA focuses on Portuguese language users, organizations in Portugal and Portuguese-speaking communities in Europe are particularly at risk. The confidentiality impact is significant because attackers can steal session cookies or other sensitive data accessible via the browser. Although the vulnerability does not affect system integrity or availability directly, successful exploitation can lead to further attacks such as phishing, credential theft, or lateral movement within the affected organization's network. The requirement for user interaction means social engineering is a likely attack vector. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits following public disclosure. European organizations relying on WeGIA should consider this vulnerability a moderate risk that could facilitate broader compromise if leveraged in targeted attacks.
Mitigation Recommendations
Organizations should immediately upgrade WeGIA installations to version 3.4.5 or later, where the vulnerability is patched. If upgrading is not immediately feasible, implement web application firewall (WAF) rules to detect and block suspicious payloads in the `tipo_relatorio` parameter, focusing on common XSS attack patterns such as script tags or event handlers. Additionally, apply Content Security Policy (CSP) headers to restrict script execution sources, reducing the impact of potential XSS attacks. Educate users about the risks of clicking unsolicited links and encourage cautious behavior with URLs received via email or messaging platforms. Regularly audit and sanitize all user inputs in custom deployments or extensions of WeGIA. Monitoring web server logs for unusual request patterns targeting the vulnerable endpoint can help detect exploitation attempts. Finally, ensure session cookies are marked HttpOnly and Secure to mitigate theft via XSS.
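The log-monitoring recommendation above, as an added example (not WeGIA or vendor code): a Python filter that scans Combined Log Format access logs for requests to `relatorio_geracao.php` whose `tipo_relatorio` value, after repeated percent-decoding, contains markup. The sample log lines, the value `mensal` and the rule that a report type is a plain identifier are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

ENDPOINT = "relatorio_geracao.php"  # endpoint named in the advisory
PARAM = "tipo_relatorio"            # parameter named in the advisory

# Request field of a Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Assumption: a report type is a plain identifier, so markup delimiters,
# event-handler attributes and javascript: URLs are never legitimate here.
MARKUP_RE = re.compile(r"""[<>"'`]|javascript:|\bon\w+\s*=""", re.I)

# Constructed sample lines (documentation IP ranges, made-up values).
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Jul/2025:09:12:01 +0000] "GET /relatorio_geracao.php?tipo_relatorio=mensal HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [15/Jul/2025:09:13:44 +0000] "GET /relatorio_geracao.php?tipo_relatorio=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5188 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [15/Jul/2025:09:15:10 +0000] "GET /relatorio_geracao.php?tipo_relatorio=%253Csvg%2520onload%253D1%253E HTTP/1.1" 200 5190 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [15/Jul/2025:09:15:30 +0000] "GET /home.php?q=%3Cb%3E HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded values are inspected in clear."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (line_number, decoded_value) for ENDPOINT requests whose PARAM carries markup."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/" + ENDPOINT):
            continue
        # parse_qsl performs the first round of percent-decoding itself.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == PARAM and MARKUP_RE.search(fully_decode(value)):
                hits.append((n, fully_decode(value)))
    return hits

if __name__ == "__main__":
    for n, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {n}: {PARAM}={value!r}")
```

Access logs record the query string but, by default, not request bodies, so values submitted in a POST body need the same check at the WAF or application layer.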
Affected Countries
Portugal, Spain, France, United Kingdom, Germany
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-07-09T14:14:52.530Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 687588ada83201eaaccb120a
Added to database: 7/14/2025, 10:46:05 PM
Last enriched: 7/14/2025, 11:01:20 PM
Last updated: 7/15/2025, 2:26:39 AM