CVE-2025-53930: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in LabRedesCefetRJ WeGIA
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_especie.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts into the `especie` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. Version 3.4.5 fixes the issue.
AI Analysis
Technical Summary
CVE-2025-53930 is a stored Cross-Site Scripting (XSS) vulnerability identified in the WeGIA web management application developed by LabRedesCefetRJ. WeGIA is an open-source platform primarily targeting Portuguese-speaking charitable institutions. The vulnerability exists in the `adicionar_especie.php` endpoint, specifically in the handling of the `especie` parameter. Prior to version 3.4.5, this parameter does not properly neutralize user input, allowing attackers to inject malicious JavaScript code that is stored on the server. When other users access the affected page, the malicious script executes in their browsers, potentially leading to session hijacking, credential theft, unauthorized actions on behalf of users, or distribution of malware. The vulnerability is classified under CWE-79, which covers improper neutralization of input during web page generation. The CVSS 4.0 base score is 6.4 (medium severity), reflecting network attack vector, low attack complexity, no privileges or authentication required, but requiring user interaction. The vulnerability impacts confidentiality and integrity moderately and has a high scope and impact on security controls. Although no known exploits are reported in the wild, the risk remains significant due to the nature of stored XSS attacks, which can affect multiple users over time. Version 3.4.5 of WeGIA addresses and fixes this issue by properly sanitizing or encoding the `especie` parameter input to prevent script injection.
Potential Impact
For European organizations, especially charitable institutions and non-profits using WeGIA or similar localized web management tools, this vulnerability poses a tangible risk. Stored XSS can lead to compromise of user accounts, leakage of sensitive data, and erosion of trust in the platform. Attackers could leverage this vulnerability to impersonate users, conduct phishing campaigns, or pivot to further internal attacks. Given WeGIA's focus on Portuguese language users, organizations in Portugal and Portuguese-speaking communities in Europe could be particularly affected. The impact extends to data confidentiality and integrity, as malicious scripts can exfiltrate data or alter displayed content. Additionally, availability could be indirectly affected if attackers use the vulnerability to inject disruptive scripts. The medium severity score suggests a moderate but non-trivial risk, especially if deployed in environments with sensitive user data or critical operations. The lack of required privileges or authentication lowers the barrier for exploitation, increasing the threat surface for European organizations that have not updated to the patched version.
Mitigation Recommendations
European organizations using WeGIA should immediately upgrade to version 3.4.5 or later, where the vulnerability is fixed. If immediate upgrade is not feasible, implement web application firewall (WAF) rules to detect and block malicious payloads targeting the `especie` parameter, focusing on typical XSS attack patterns such as script tags or event handlers. Conduct thorough input validation and output encoding on all user-supplied data, especially in web forms and URL parameters. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. Regularly audit and sanitize existing stored data to remove any injected malicious scripts. Educate users about the risks of clicking suspicious links or interacting with untrusted content within the application. Finally, monitor logs and user reports for signs of exploitation attempts or unusual behavior related to the vulnerable endpoint.
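One way to apply the output-encoding, CSP and stored-data audit steps above in PHP, the language the affected endpoint is written in. This is an added illustration, not WeGIA's own code: the table name, function names and sample input are assumptions.

```php
<?php
// Added illustration (not WeGIA's own code): a minimal "add species" flow
// showing the CWE-79 pattern behind CVE-2025-53930 and how to neutralize it.
// Assumed: a PDO connection and a hypothetical table `especie(nome)`.
declare(strict_types=1);

// Storing the raw value is acceptable; the defect is in how it is rendered.
function guardarEspecie(PDO $pdo, string $especie): void {
    $stmt = $pdo->prepare('INSERT INTO especie (nome) VALUES (:nome)');
    $stmt->execute([':nome' => $especie]);
}

// VULNERABLE: the stored value is concatenated into HTML unencoded, so any
// markup submitted in `especie` becomes live markup for every later visitor.
function renderEspecieVulneravel(string $nome): string {
    return '<li>' . $nome . '</li>';
}

// HARDENED: encode at the output boundary for the HTML text context.
// ENT_QUOTES also encodes quotes, so the helper is safe inside attribute values.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderEspecieSegura(string $nome): string {
    return '<li>' . e($nome) . '</li>';
}

// Defence in depth: a CSP without 'unsafe-inline' keeps an injected <script>
// or event handler from running even where an encoding call was missed.
function enviarCsp(): void {
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'");
}

// Audit helper for rows already in the database: flags values containing a
// tag opener or an on*= handler so they can be reviewed and cleaned by hand.
function pareceMarkup(string $s): bool {
    return (bool) preg_match('/<\s*[a-z!\/]|\bon[a-z]+\s*=/i', $s);
}

// Constructed sample input, as it would arrive in the `especie` parameter.
$entrada = 'Cão <script>alert(1)</script>';
enviarCsp();
var_dump(pareceMarkup($entrada));
echo renderEspecieVulneravel($entrada), PHP_EOL;
echo renderEspecieSegura($entrada), PHP_EOL;
```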
Affected Countries
Portugal, Spain, France, United Kingdom, Germany, Belgium, Netherlands
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-07-14T17:23:35.260Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6877ccf3a83201eaacdc494c
Added to database: 7/16/2025, 4:01:55 PM
Last enriched: 7/24/2025, 12:58:17 AM
Last updated: 10/15/2025, 7:45:12 PM