CVE-2025-53929 is a Stored Cross-Site Scripting (XSS) vulnerability identified in the WeGIA web management application developed by LabRedesCefetRJ. WeGIA is an open-source platform primarily targeting Portuguese-speaking charitable organizations. The vulnerability exists in the 'adicionar_cor.php' endpoint, specifically in the handling of the 'cor' parameter. Prior to version 3.4.5, this parameter is improperly sanitized, allowing attackers to inject malicious JavaScript code that is stored persistently on the server. When any user accesses the affected 'cadastro_pet.php' page, the malicious script executes automatically in their browser context. This stored XSS flaw arises due to improper neutralization of input during web page generation, classified under CWE-79. The vulnerability has a CVSS 4.0 base score of 6.4, indicating a medium severity level. The attack vector is network-based with low attack complexity and no privileges or authentication required, but it does require user interaction (visiting the affected page). The impact includes partial compromise of confidentiality and integrity, with limited impact on availability. The vulnerability is fixed in WeGIA version 3.4.5, but no known exploits have been reported in the wild so far. Given the nature of stored XSS, attackers could leverage this flaw to perform session hijacking, defacement, phishing, or deliver malware to users of the platform, potentially compromising sensitive data or user trust within affected organizations.

For European organizations using WeGIA, particularly charitable institutions or NGOs operating in Portuguese or serving Portuguese-speaking communities, this vulnerability poses a tangible risk. Exploitation could lead to unauthorized script execution in users' browsers, enabling attackers to steal session tokens, impersonate users, or manipulate displayed content. This could result in data breaches involving personal or donor information, reputational damage, and loss of trust among stakeholders. Since WeGIA targets charitable organizations, which often handle sensitive beneficiary data and donor details, the confidentiality and integrity of such data could be compromised. Additionally, the stored nature of the XSS means that multiple users could be affected over time, amplifying the impact. Although no known exploits are currently reported, the ease of exploitation and lack of required privileges make it a credible threat. The medium severity rating reflects the balance between potential impact and exploit complexity, but organizations should not underestimate the risk given the sensitive nature of their operations.

European organizations should immediately verify their WeGIA application version and upgrade to version 3.4.5 or later, where the vulnerability is patched. If immediate upgrade is not feasible, implement input validation and output encoding on the 'cor' parameter to neutralize malicious scripts. Employ Content Security Policy (CSP) headers to restrict script execution sources and mitigate the impact of any injected scripts. Conduct thorough security audits and penetration testing focusing on input handling in all user-facing endpoints. Educate users about the risks of clicking suspicious links or interacting with untrusted content within the application. Monitor web server logs and application behavior for unusual input patterns or repeated access to the vulnerable endpoint. Additionally, consider implementing Web Application Firewalls (WAFs) with rules to detect and block common XSS payloads targeting the affected parameters. Regularly review and update security policies to include prompt patch management and vulnerability disclosure handling.