CVE-2025-53933: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in LabRedesCefetRJ WeGIA
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_enfermidade.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts into the `nome` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. Version 3.4.5 fixes the issue.
AI Analysis
Technical Summary
CVE-2025-53933 is a stored Cross-Site Scripting (XSS) vulnerability identified in the WeGIA web management application developed by LabRedesCefetRJ. WeGIA is an open-source platform primarily targeting Portuguese-speaking charitable institutions. The vulnerability exists in the 'adicionar_enfermidade.php' endpoint, specifically in the handling of the 'nome' parameter. Prior to version 3.4.5, the application fails to properly neutralize user-supplied input before embedding it into web pages, allowing attackers to inject malicious JavaScript code that is stored persistently on the server. When other users access the affected page, the malicious script executes in their browsers, potentially leading to session hijacking, credential theft, unauthorized actions, or distribution of malware. The CVSS 4.0 score of 6.4 reflects a medium severity, with network attack vector, low attack complexity, no privileges or authentication required, but user interaction needed. The vulnerability impacts confidentiality and integrity with limited availability impact. No known exploits are currently reported in the wild, and the issue is fixed in WeGIA version 3.4.5. The vulnerability is classified under CWE-79, indicating improper neutralization of input during web page generation, a common and dangerous web application security flaw.
Potential Impact
For European organizations, especially charitable and non-profit institutions using WeGIA or similar localized web management tools, this vulnerability poses a significant risk. Exploitation could lead to unauthorized access to sensitive user data, including personal information of donors, volunteers, or beneficiaries. Attackers could leverage the XSS flaw to perform phishing attacks, steal session cookies, or escalate privileges within the application. Given the stored nature of the XSS, the malicious payload persists and can affect multiple users over time, increasing the attack surface. This could damage organizational reputation, lead to data protection violations under GDPR, and result in financial or operational disruptions. Moreover, since WeGIA focuses on Portuguese language users, European countries with Portuguese-speaking communities or organizations may be particularly impacted. The vulnerability’s medium severity suggests a moderate but tangible threat that requires timely remediation to prevent exploitation.
Mitigation Recommendations
Organizations should immediately upgrade WeGIA installations to version 3.4.5 or later, where the vulnerability is patched. Until the upgrade is applied, implement strict input validation and output encoding on the 'nome' parameter to prevent script injection. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts. Conduct thorough code reviews and penetration testing focusing on input handling in all user-facing endpoints. Educate users about the risks of clicking suspicious links or interacting with untrusted content within the application. Additionally, monitor web server logs and application behavior for unusual activity indicative of attempted XSS exploitation. For organizations unable to upgrade promptly, consider deploying Web Application Firewalls (WAFs) with custom rules to detect and block malicious payloads targeting the vulnerable parameter. Regularly back up application data and maintain incident response plans to quickly address any compromise.
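The mitigation paragraph names two controls for the stored XSS in the `nome` parameter: output encoding before the value is embedded in HTML, and a Content Security Policy that blocks inline script. The following PHP is an added illustration written for this page, not code from the WeGIA project. It shows the unsafe pattern beside the hardened one for a hypothetical `nome` value, a validation helper, and a CSP header; the sample value, function names and the CSP directives are assumptions chosen for the example.

```php
<?php
// Added example (not WeGIA's code): output encoding, input validation and a
// CSP header for a user-supplied "nome" value that is later rendered in HTML.
declare(strict_types=1);

/**
 * Vulnerable pattern (CWE-79): the stored value is echoed into the page
 * unchanged, so any markup it contains is interpreted by the browser.
 */
function render_row_unsafe(string $nome): string
{
    return '<td>' . $nome . '</td>';
}

/**
 * Encode for the HTML text context at output time. ENT_QUOTES covers both
 * quote characters; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
 * silently returning an empty string.
 */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Hardened pattern: the same row, with the value encoded before embedding. */
function render_row_safe(string $nome): string
{
    return '<td>' . html_escape($nome) . '</td>';
}

/**
 * Input-side validation for a disease name (hypothetical rules): valid UTF-8,
 * non-empty, bounded length, no control characters. Validation narrows what is
 * stored; it complements output encoding and does not replace it.
 */
function validate_nome(string $nome): bool
{
    if (!mb_check_encoding($nome, 'UTF-8')) {
        return false;
    }
    $nome = trim($nome);
    if ($nome === '' || mb_strlen($nome, 'UTF-8') > 100) {
        return false;
    }
    return preg_match('/[\x00-\x1F\x7F]/u', $nome) === 0;
}

/**
 * Content Security Policy that refuses inline script, so a stored payload that
 * still reaches the page cannot run as an inline <script>. The application's
 * own inline scripts must carry the per-response nonce to be allowed.
 */
function send_csp_header(string $nonce): void
{
    header(
        "Content-Security-Policy: default-src 'self'; "
        . "script-src 'self' 'nonce-{$nonce}'; object-src 'none'; base-uri 'self'"
    );
}

// Demonstration with a constructed sample value that contains HTML markup.
$nonce  = bin2hex(random_bytes(16));
send_csp_header($nonce);

$sample = '<b>Gripe</b> "sazonal"';
if (validate_nome($sample)) {
    echo render_row_unsafe($sample), PHP_EOL; // markup is live in the page
    echo render_row_safe($sample), PHP_EOL;   // markup is rendered as text
}
```

In the encoded output the angle brackets and quotes appear as HTML entities, so the browser displays the sample literally instead of parsing it as markup. The encoding belongs at the point of output for each context (HTML text, attribute, JavaScript, URL), not at the point of storage, because the same stored value may be emitted in several contexts.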
Affected Countries
Portugal, Spain, France, United Kingdom, Germany
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-07-14T17:23:35.261Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6877ccf3a83201eaacdc493d
Added to database: 7/16/2025, 4:01:55 PM
Last enriched: 7/24/2025, 1:00:35 AM
Last updated: 1/7/2026, 4:53:01 AM