
CVE-2025-53929: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in LabRedesCefetRJ WeGIA

Medium
Tags: Vulnerability, CVE-2025-53929, CWE-79
Published: Wed Jul 16 2025 (07/16/2025, 15:44:17 UTC)
Source: CVE Database V5
Vendor/Project: LabRedesCefetRJ
Product: WeGIA

Description

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_cor.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts into the `cor` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page `cadastro_pet.php` is accessed by users, posing a significant security risk. Version 3.4.5 fixes the issue.

AI-Powered Analysis

AI analysis last updated: 07/16/2025, 16:16:34 UTC

Technical Analysis

CVE-2025-53929 is a stored Cross-Site Scripting (XSS) vulnerability in the WeGIA web management application developed by LabRedesCefetRJ. WeGIA is an open-source platform aimed primarily at Portuguese-speaking charitable institutions. The vulnerability is in the `adicionar_cor.php` endpoint, specifically in the handling of the `cor` parameter. Prior to version 3.4.5, this parameter is neither properly sanitized nor neutralized, so an attacker can inject JavaScript that is persistently stored on the server. Whenever any user accesses the affected page `cadastro_pet.php`, the stored script executes in that user's browser context. This stored XSS flaw can lead to session hijacking, credential theft, unauthorized actions performed on behalf of users, or the delivery of further malware. The vulnerability carries a CVSS 4.0 base score of 6.4 (medium severity): it is exploitable over the network without privileges or authentication, but user interaction is required to trigger the payload. All WeGIA versions prior to 3.4.5 are affected; the vendor fixed the issue in version 3.4.5. No known exploits in the wild have been reported yet. The vulnerability is classified under CWE-79, improper neutralization of input during web page generation. Given WeGIA's focus on the Portuguese language and charitable organizations, the affected user base is relatively specialized but potentially sensitive because of the nature of the institutions involved.
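The pattern behind this class of bug, as an added illustration that is not WeGIA's code: a colour name taken from a request parameter is stored as-is and later written into the HTML of another page unchanged, so any markup in it is rendered every time that page loads. The hardened version below validates the `cor` value at the input boundary, escapes it for the HTML context at the output boundary, and sends a Content Security Policy as a second layer. The function names, the colour-name rule (letters, spaces, hyphens, at most 50 characters) and the CSP values are assumptions made for this example.

```php
<?php
// Added example (not WeGIA's code): a constructed illustration of the unsafe
// pattern the advisory describes (a colour name stored as-is and echoed into
// HTML on another page) next to a hardened version. Function names, the
// colour-name rule and the CSP values are assumptions made for this demo.

declare(strict_types=1);

// Unsafe: the stored value is written into HTML unchanged, so any markup in it
// becomes part of the page every time the page is rendered (stored XSS).
function render_cor_unsafe(string $cor): string
{
    return "<option value=\"$cor\">$cor</option>";
}

// Input validation: accept a colour name made of letters (accented ones
// included), spaces and hyphens, at most 50 characters; otherwise return null
// so the caller can answer with HTTP 400 and store nothing.
function validate_cor(string $cor): ?string
{
    $cor = trim($cor);
    if ($cor === '' || mb_strlen($cor, 'UTF-8') > 50) {
        return null;
    }
    if (preg_match('/^[\p{L} \-]+$/u', $cor) !== 1) {
        return null;
    }
    return $cor;
}

// Output encoding: escape for the HTML context at render time, independently
// of whatever validation happened when the value was stored.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_cor_safe(string $cor): string
{
    $e = h($cor);
    return "<option value=\"$e\">$e</option>";
}

// Defence in depth: a CSP that allows scripts only from the site's own origin,
// so an inline script that does reach the page is not executed by the browser.
function send_csp_header(): void
{
    if (!headers_sent()) {
        header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'");
    }
}

// Self-check with constructed inputs; prints "ok" when run from the CLI.
function self_check(): bool
{
    $markup  = '<b>vermelho</b>';                 // constructed value carrying markup
    $escaped = '&lt;b&gt;vermelho&lt;/b&gt;';
    return validate_cor($markup) === null                      // rejected at the input boundary
        && validate_cor('Azul claro') === 'Azul claro'
        && validate_cor('Café') === 'Café'
        && render_cor_safe($markup) === "<option value=\"$escaped\">$escaped</option>"
        && strpos(render_cor_unsafe($markup), '<b>') !== false; // markup survives in the unsafe path
}

if (PHP_SAPI === 'cli') {
    echo self_check() ? "ok\n" : "self-check failed\n";
}
```

Validation and encoding are kept as separate steps on purpose: the allow-list stops junk from being stored, but the page that renders `cor` must still escape it, because values already in the database (stored before the fix) or written through another path are not covered by input checks. The CSP is a backstop, not a replacement for either.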

Potential Impact

For European organizations, particularly charitable and non-profit entities that use WeGIA or similar localized web management tools, this vulnerability poses a significant risk. Successful exploitation could lead to unauthorized access to sensitive user data, including personal information of donors, volunteers, and beneficiaries. The stored XSS could facilitate phishing attacks within the organization, session hijacking, or unauthorized actions performed with the privileges of legitimate users, potentially leading to data breaches or reputational damage. Since the vulnerability requires user interaction, social engineering could be leveraged to maximize impact. The availability of a fix mitigates long-term risk, but organizations that have not updated remain vulnerable. Given the focus on Portuguese language, European countries with Portuguese-speaking communities or charities operating in Portuguese (e.g., Portugal) are more likely to be impacted. Additionally, the vulnerability could be leveraged to target European charitable organizations collaborating with Portuguese-speaking partners or operating multilingual platforms.

Mitigation Recommendations

Organizations using WeGIA should immediately upgrade to version 3.4.5 or later, where the vulnerability is patched. In addition to patching, implement strict input validation and output encoding on all user-supplied data, especially parameters like `cor` that are rendered in web pages. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts. Conduct regular security audits and penetration testing focused on XSS vulnerabilities. Educate users about the risks of clicking on suspicious links or interacting with untrusted content. For organizations unable to upgrade immediately, consider deploying Web Application Firewalls (WAFs) with rules to detect and block typical XSS payloads targeting the vulnerable endpoint. Monitor logs for unusual activity related to `adicionar_cor.php` and `cadastro_pet.php` pages. Finally, ensure that session management and authentication mechanisms are robust to limit the impact of any successful XSS exploitation.
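For the log-monitoring recommendation above, the following is an added example (not WeGIA's code and not a vendor-supplied rule) of a small PHP CLI scanner that reads Combined Log Format access-log lines and reports requests to the two affected endpoints whose `cor` query parameter contains markup or script tokens. The log lines, request paths and IP addresses are constructed for the demo; the detection pattern is an assumption and should be tuned to local traffic.

```php
<?php
// Added example (not WeGIA's code, not a vendor-supplied rule): a CLI script
// that scans Combined Log Format access-log lines for requests to the two
// affected endpoints whose "cor" query parameter contains markup. The sample
// lines below are constructed; paths and addresses are not from the advisory.

declare(strict_types=1);

// Only the fields needed for the check are captured from each log line.
const LOG_RE = '/^(?<ip>\S+) \S+ \S+ \[(?<time>[^\]]+)\] "(?<method>[A-Z]+) (?<path>\S+)[^"]*" (?<status>\d{3})/';
const WATCHED = ['adicionar_cor.php', 'cadastro_pet.php'];
// Markup characters and the usual script / event-handler tokens in the value.
const SUSPICIOUS_RE = '/[<>"\']|javascript:|on\w+\s*=|<\s*script/i';

// Returns a finding for a line that hits a watched endpoint with a suspicious
// "cor" value, or null otherwise.
function inspect_line(string $line): ?array
{
    if (preg_match(LOG_RE, $line, $m) !== 1) {
        return null;
    }
    $url = parse_url($m['path']);
    if ($url === false) {
        return null;
    }
    $script = basename($url['path'] ?? '');
    if (!in_array($script, WATCHED, true)) {
        return null;
    }
    parse_str($url['query'] ?? '', $q);          // URL-decodes the parameters
    if (!isset($q['cor']) || !is_string($q['cor'])) {
        return null;
    }
    if (preg_match(SUSPICIOUS_RE, $q['cor']) !== 1) {
        return null;
    }
    return ['ip' => $m['ip'], 'time' => $m['time'], 'script' => $script, 'cor' => $q['cor']];
}

// Scans an array of log lines; returns findings with their 1-based line number.
function scan_log(array $lines): array
{
    $findings = [];
    foreach ($lines as $i => $line) {
        $f = inspect_line($line);
        if ($f !== null) {
            $f['line'] = $i + 1;
            $findings[] = $f;
        }
    }
    return $findings;
}

// Constructed sample lines (RFC 5737 documentation addresses). Only the first
// one should be reported: the second carries a harmless value, the third has
// no query string, and the fourth targets an endpoint that is not watched.
const SAMPLE_LOG = [
    '203.0.113.5 - - [16/Jul/2025:15:44:17 +0000] "GET /adicionar_cor.php?cor=%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 302 0',
    '198.51.100.7 - - [16/Jul/2025:15:45:02 +0000] "GET /adicionar_cor.php?cor=Azul HTTP/1.1" 302 0',
    '198.51.100.9 - - [16/Jul/2025:15:46:10 +0000] "GET /cadastro_pet.php HTTP/1.1" 200 5120',
    '198.51.100.9 - - [16/Jul/2025:15:47:00 +0000] "GET /index.php?cor=%3Cb%3E HTTP/1.1" 200 1024',
];

if (PHP_SAPI === 'cli') {
    // Usage: php scan_cor.php [access.log]; without an argument the sample is used.
    $lines = $argc > 1 ? (file($argv[1], FILE_IGNORE_NEW_LINES) ?: []) : SAMPLE_LOG;
    foreach (scan_log($lines) as $f) {
        printf("line %d: %s requested %s with cor=%s\n", $f['line'], $f['ip'], $f['script'], $f['cor']);
    }
}
```

One caveat a practitioner will want: a web server's access log records the query string but not POST bodies, so this check only sees `cor` values sent in the URL. If the endpoint is called with a POST form, the same pattern has to be applied at the application layer (for example, by logging rejected values from the validation step) or in a WAF that inspects request bodies.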


Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2025-07-14T17:23:35.259Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 6877ccf3a83201eaacdc4949

Added to database: 7/16/2025, 4:01:55 PM

Last enriched: 7/16/2025, 4:16:34 PM

Last updated: 7/16/2025, 4:16:34 PM

