CVE-2025-53931: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in LabRedesCefetRJ WeGIA
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_raca.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts into the `raca` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. Version 3.4.5 fixes the issue.
AI Analysis
Technical Summary
CVE-2025-53931 is a stored Cross-Site Scripting (XSS) vulnerability in WeGIA, an open-source web management application developed by LabRedesCefetRJ and aimed at Portuguese-speaking charitable institutions. The defect is in the 'adicionar_raca.php' endpoint, in the handling of the 'raca' parameter. Before version 3.4.5 the application stores the submitted value and later writes it into a page without neutralizing it, so an attacker can submit HTML or JavaScript that is persisted server-side and rendered verbatim. The script then runs in the browser of every user who views the affected page, with that user's session, which enables session hijacking, credential theft, actions performed on the victim's behalf inside the management interface, or redirection to malware. The weakness is CWE-79 (improper neutralization of input during web page generation): the missing control is context-aware output encoding, not a storage problem. The CVSS 4.0 base score is 6.4 (medium): network attack vector, low attack complexity, no privileges required, user interaction required; confidentiality and integrity are affected, with limited impact on availability. No exploitation in the wild has been reported, but stored XSS in a management tool is attractive precisely because the attacker does not have to lure anyone to a crafted link; the payload fires for any user who opens the page that lists the stored record. Version 3.4.5 fixes the issue; the advisory does not describe the change.
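To make the mechanism concrete, here is an added example in Python (not WeGIA's code, which is PHP; the store, the two renderers and the hostile inputs are all constructed here). A value submitted as raca is saved verbatim, then written into a page first by a renderer that interpolates it raw, then by one that HTML-encodes at output time; the quote=True option covers the attribute context as well as element text, which is the part that is easy to miss when hardening.

```python
"""Added example (not WeGIA's code): the stored-XSS pattern the advisory
describes, modelled in Python. A value submitted as `raca` is saved verbatim
and later written into an HTML page; the vulnerable renderer interpolates it
raw, the hardened renderer HTML-encodes it at output time."""
import html
import re

STORE = []  # stands in for the database table that keeps breed names

def save_raca(value):
    """Persist the submitted breed name exactly as received. Encoding is
    context-specific, so it belongs at output time, not here."""
    STORE.append(value)
    return len(STORE) - 1

def render_vulnerable(store):
    """Breed list built by string interpolation: the defect class behind CWE-79."""
    rows = "".join(f"<li data-raca='{r}'>{r}</li>" for r in store)
    return f"<ul>{rows}</ul>"

def render_hardened(store):
    """Same page with html.escape(quote=True) applied at each interpolation.
    quote=True also encodes ' and ", so the attribute value cannot be closed early."""
    rows = "".join(
        f"<li data-raca='{html.escape(r, quote=True)}'>{html.escape(r, quote=True)}</li>"
        for r in store)
    return f"<ul>{rows}</ul>"

SCRIPT_TAG = re.compile(r"<script\b", re.I)
ATTR_BREAKOUT = re.compile(r"'\s*on[a-z]+\s*=", re.I)

def contains_live_markup(page):
    """True when the rendered page carries an executable script tag or an
    attribute-context breakout; used to compare the two renderers."""
    return bool(SCRIPT_TAG.search(page) or ATTR_BREAKOUT.search(page))

# Constructed inputs: one legitimate breed name and two hostile ones
# (element-text payload and attribute-breakout payload).
LEGIT = "Pastor Alemão"
TEXT_PAYLOAD = "<script>alert(document.cookie)</script>"
ATTR_PAYLOAD = "x' onmouseover='alert(1)"

def demo():
    """Store all three values and report whether each renderer leaves live markup."""
    STORE.clear()
    for v in (LEGIT, TEXT_PAYLOAD, ATTR_PAYLOAD):
        save_raca(v)
    return {
        "vulnerable": contains_live_markup(render_vulnerable(STORE)),
        "hardened": contains_live_markup(render_hardened(STORE)),
        "legit_preserved": LEGIT in render_hardened(STORE),
    }

if __name__ == "__main__":
    print(demo())
```

The hardened renderer keeps the stored value intact (the non-ASCII breed name survives unchanged) and only changes how it is written into the page; that is why the fix for CWE-79 is applied on output, and why it also protects records that were injected before the fix.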
Potential Impact
For European organizations running WeGIA, above all Portuguese-speaking charities and nonprofits, the realistic outcome is compromise of the sessions of staff who use the management interface: script running in an administrator's browser can read whatever the interface exposes, submit changes as that user, deface or alter page content, and redirect users to phishing pages or malware. Because the payload is stored, every user who views the affected page is exposed until the record is removed or the output encoding fixed, and the attacker does not need to entice anyone to click a link. Beneficiary and donor data handled by such institutions makes leakage a privacy problem as well as a reputational one, and loss of donor confidence is costly for a charity. Availability is not directly affected, but compromised accounts and tampered records can disrupt operations. The medium rating reflects the need for a victim to view the page; the absence of an authentication requirement for injection, as scored, and the persistence of the payload still justify prompt remediation.
Mitigation Recommendations
Organizations using WeGIA should upgrade to version 3.4.5 or later. Until then, restrict access to the 'adicionar_raca.php' endpoint to trusted users at the web server or reverse proxy and put a web application firewall with XSS rules in front of it; filtering at that layer is a stopgap, because the correct neutralization is context-aware output encoding inside the application, not a server-side filter on the 'raca' parameter. Deploy a Content Security Policy that does not allow 'unsafe-inline' scripts, which blocks the common inline payloads even where encoding is missed. Because the payload is stored, inspect the existing breed records for markup after upgrading: a fix that encodes on output renders old payloads harmlessly, whereas a fix that only validates input leaves previously stored scripts live, and in either case a stored payload is evidence of an attempt that should be investigated. Review web server and application logs for requests to the endpoint whose 'raca' value contains tags, 'javascript:' URLs or event handlers, keeping in mind that access logs do not record POST bodies. Include input handling in regular audits and penetration tests, remind users that content inside the platform is not automatically trustworthy, and keep an incident response plan for web application compromise that includes invalidating the sessions of users who may have viewed a poisoned page.
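The log review suggested above, as an added example in Python rather than anything shipped with WeGIA: it parses constructed access-log lines in combined format, URL-decodes the raca query parameter for requests to adicionar_raca.php (repeatedly, to catch double encoding), and flags values that carry tag openers, javascript: URLs or inline event handlers. The path prefix, IP addresses and timestamps are made up; only the endpoint and parameter names come from the advisory.

```python
"""Added example (not from WeGIA or the advisory): flag requests to the
adicionar_raca.php endpoint whose `raca` parameter carries script-like
content, using constructed access-log lines in Apache/nginx combined format."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample log lines. The path prefix, IPs and timestamps are
# assumptions; only the endpoint and parameter names come from the advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [16/Jul/2025:16:01:55 +0000] "GET /adicionar_raca.php?raca=Vira-lata HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.9 - - [16/Jul/2025:16:02:10 +0000] "GET /adicionar_raca.php?raca=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E HTTP/1.1" 302 0 "-" "curl/8.0"
10.0.0.9 - - [16/Jul/2025:16:02:31 +0000] "GET /adicionar_raca.php?raca=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 302 0 "-" "curl/8.0"
10.0.0.7 - - [16/Jul/2025:16:03:02 +0000] "GET /adicionar_raca.php?raca=Pastor+Alem%C3%A3o HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.7 - - [16/Jul/2025:16:03:40 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - - [16/Jul/2025:16:04:12 +0000] "POST /adicionar_raca.php HTTP/1.1" 302 0 "-" "curl/8.0"
"""

# Combined log format: client, ident, user, [timestamp], "METHOD target proto", status, size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+')

# Markers of script injection after decoding: tag openers, javascript: URLs,
# inline event handlers. Deliberately broad; tune against real traffic.
XSS_RE = re.compile(r"<\s*/?\s*[a-z!]|javascript\s*:|\bon[a-z]+\s*=", re.I)

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded payloads are seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_log(text):
    """Return (flagged, blind_posts).
    flagged: (ip, timestamp, decoded raca) for requests whose raca value looks
    like script injection. blind_posts: (ip, timestamp) of POST requests to the
    endpoint, whose body the access log does not record."""
    flagged, blind_posts = [], []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        # Match on the file name so the install's directory layout need not be known.
        if not url.path.endswith("/adicionar_raca.php"):
            continue
        if m["method"] == "POST":
            blind_posts.append((m["ip"], m["ts"]))
            continue
        # parse_qs decodes once; fully_decode handles %25-encoded layers.
        for raw in parse_qs(url.query, keep_blank_values=True).get("raca", []):
            value = fully_decode(raw)
            if XSS_RE.search(value):
                flagged.append((m["ip"], m["ts"], value))
    return flagged, blind_posts

if __name__ == "__main__":
    hits, posts = scan_log(SAMPLE_LOG)
    for ip, ts, value in hits:
        print(f"{ts} {ip} raca={value!r}")
    print(f"{len(posts)} POST request(s) to the endpoint not inspectable from access logs")
```

The blind_posts list is the caveat that matters in practice: if the endpoint is submitted by POST, as form-driven add pages usually are, the payload travels in the body and never reaches the access log, so those requests can only be judged from application-level logging, a WAF audit log, or the stored records themselves. A GET probe with a decoded script in the query string is still a strong signal that someone is testing the endpoint.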
Affected Countries
Portugal, Spain, France, Italy, Germany
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-07-14T17:23:35.260Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6877ccf3a83201eaacdc4946
Added to database: 7/16/2025, 4:01:55 PM
Last enriched: 7/16/2025, 4:16:46 PM
Last updated: 7/16/2025, 4:16:46 PM
Related Threats
- CVE-2025-53904: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in The-Scratch-Channel the-scratch-channel.github.io (Low)
- CVE-2025-20337: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in Cisco Cisco Identity Services Engine Software (Critical)
- CVE-2025-20288: Server-Side Request Forgery (SSRF) in Cisco Cisco Unified Contact Center Express (Medium)
- CVE-2025-20285: Authentication Bypass by Assumed-Immutable Data in Cisco Cisco Identity Services Engine Software (Medium)
- CVE-2025-20284: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in Cisco Cisco Identity Services Engine Software (Medium)