Skip to main content

CVE-2025-53929: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in LabRedesCefetRJ WeGIA

Medium
VulnerabilityCVE-2025-53929cvecve-2025-53929cwe-79
Published: Wed Jul 16 2025 (07/16/2025, 15:44:17 UTC)
Source: CVE Database V5
Vendor/Project: LabRedesCefetRJ
Product: WeGIA

Description

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_cor.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts into the `cor` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page `cadastro_pet.php` is accessed by users, posing a significant security risk. Version 3.4.5 fixes the issue.

AI-Powered Analysis

AILast updated: 07/24/2025, 00:58:05 UTC

Technical Analysis

CVE-2025-53929 is a Stored Cross-Site Scripting (XSS) vulnerability identified in the WeGIA web management application developed by LabRedesCefetRJ. WeGIA is an open-source platform primarily targeting Portuguese-speaking charitable organizations. The vulnerability exists in the 'adicionar_cor.php' endpoint, specifically in the handling of the 'cor' parameter. Prior to version 3.4.5, this parameter is improperly sanitized, allowing attackers to inject malicious JavaScript code that is stored persistently on the server. When any user accesses the affected 'cadastro_pet.php' page, the malicious script executes automatically in their browser context. This stored XSS flaw arises due to improper neutralization of input during web page generation, classified under CWE-79. The vulnerability has a CVSS 4.0 base score of 6.4, indicating a medium severity level. The attack vector is network-based with low attack complexity and no privileges or authentication required, but it does require user interaction (visiting the affected page). The impact includes partial compromise of confidentiality and integrity, with limited impact on availability. The vulnerability is fixed in WeGIA version 3.4.5, but no known exploits have been reported in the wild so far. Given the nature of stored XSS, attackers could leverage this flaw to perform session hijacking, defacement, phishing, or deliver malware to users of the platform, potentially compromising sensitive data or user trust within affected organizations.

Potential Impact

For European organizations using WeGIA, particularly charitable institutions or NGOs operating in Portuguese or serving Portuguese-speaking communities, this vulnerability poses a tangible risk. Exploitation could lead to unauthorized script execution in users' browsers, enabling attackers to steal session tokens, impersonate users, or manipulate displayed content. This could result in data breaches involving personal or donor information, reputational damage, and loss of trust among stakeholders. Since WeGIA targets charitable organizations, which often handle sensitive beneficiary data and donor details, the confidentiality and integrity of such data could be compromised. Additionally, the stored nature of the XSS means that multiple users could be affected over time, amplifying the impact. Although no known exploits are currently reported, the ease of exploitation and lack of required privileges make it a credible threat. The medium severity rating reflects the balance between potential impact and exploit complexity, but organizations should not underestimate the risk given the sensitive nature of their operations.

Mitigation Recommendations

European organizations should immediately verify their WeGIA application version and upgrade to version 3.4.5 or later, where the vulnerability is patched. If immediate upgrade is not feasible, implement input validation and output encoding on the 'cor' parameter to neutralize malicious scripts. Employ Content Security Policy (CSP) headers to restrict script execution sources and mitigate the impact of any injected scripts. Conduct thorough security audits and penetration testing focusing on input handling in all user-facing endpoints. Educate users about the risks of clicking suspicious links or interacting with untrusted content within the application. Monitor web server logs and application behavior for unusual input patterns or repeated access to the vulnerable endpoint. Additionally, consider implementing Web Application Firewalls (WAFs) with rules to detect and block common XSS payloads targeting the affected parameters. Regularly review and update security policies to include prompt patch management and vulnerability disclosure handling.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2025-07-14T17:23:35.259Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 6877ccf3a83201eaacdc4949

Added to database: 7/16/2025, 4:01:55 PM

Last enriched: 7/24/2025, 12:58:05 AM

Last updated: 8/29/2025, 7:49:15 PM

Views: 27

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats