
CVE-2025-53934: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in LabRedesCefetRJ WeGIA

Severity: Medium
Tags: Vulnerability, CVE-2025-53934, CWE-79
Published: Wed Jul 16 2025 (07/16/2025, 15:57:31 UTC)
Source: CVE Database V5
Vendor/Project: LabRedesCefetRJ
Product: WeGIA

Description

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `control.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malicious scripts into the `descricao_emergencia` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. Version 3.4.5 fixes the issue.

AI-Powered Analysis

Last updated: 07/16/2025, 16:17:01 UTC

Technical Analysis

CVE-2025-53934 is a Stored Cross-Site Scripting (XSS) vulnerability identified in the WeGIA web management application developed by LabRedesCefetRJ. WeGIA is an open-source platform primarily targeting Portuguese-speaking charitable institutions. The vulnerability exists in the `control.php` endpoint, specifically in the `descricao_emergencia` parameter. Prior to version 3.4.5, this parameter is not properly neutralized before being written into a web page, so an attacker can submit JavaScript that is stored persistently on the server.

When other users access the affected page, the stored script executes in their browsers in the context of the vulnerable application. This can lead to session hijacking, unauthorized actions on behalf of users, defacement, or redirection to malicious sites. Stored XSS is particularly dangerous because the payload persists on the server and can affect many users over time.

The vulnerability is rated with a CVSS 4.0 score of 6.4 (medium severity), reflecting its network attack vector, low attack complexity, and no privileges or authentication required, but requiring user interaction (visiting the affected page) to trigger the payload. The scope is high, indicating that the vulnerability affects components beyond the vulnerable code itself.

The vulnerability was published on July 16, 2025, and fixed in WeGIA version 3.4.5. No known exploits are currently reported in the wild. The CWE classification is CWE-79, improper neutralization of input during web page generation, the common root cause of XSS vulnerabilities.

Potential Impact

For European organizations using WeGIA, especially charitable institutions or non-profits serving Portuguese-speaking communities, this vulnerability poses a significant risk to confidentiality and integrity of user data. Attackers can steal session cookies, impersonate users, or perform unauthorized actions within the application, potentially leading to data breaches or disruption of services. The stored nature of the XSS increases the risk of widespread impact, as multiple users can be affected once the malicious script is injected. Additionally, the vulnerability could be leveraged to deliver malware or phishing attacks targeting users of the platform. Given the focus on charitable organizations, exploitation could damage trust and reputation, impacting fundraising and service delivery. Although the CVSS score is medium, the real-world impact could be higher if sensitive data or privileged accounts are compromised. The vulnerability does not directly affect availability but could indirectly cause service disruption if exploited at scale or combined with other attacks.

Mitigation Recommendations

European organizations using WeGIA should immediately upgrade to version 3.4.5 or later, where the vulnerability is fixed.

If immediate upgrade is not feasible, implement input validation and output encoding on the `descricao_emergencia` parameter to neutralize potentially malicious scripts. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. Regularly audit and sanitize stored data to remove any injected malicious content.

Educate users about the risks of clicking suspicious links or interacting with untrusted content within the application. Monitor web server logs and application behavior for unusual activity that could indicate exploitation attempts. Additionally, implement web application firewalls (WAFs) with rules targeting XSS payloads to provide an additional layer of defense.

Finally, conduct security testing and code reviews focusing on input handling and output encoding to prevent similar vulnerabilities in the future.
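The output-encoding and CSP mitigations above, as an added example that is not WeGIA's own code: a hypothetical `control.php`-style page that shows the unencoded rendering pattern CWE-79 describes next to a hardened version that HTML-encodes the stored `descricao_emergencia` value at output time and sends a Content Security Policy. The function names, the `$stored` sample value and the CSP policy are assumptions, not taken from the project.

```php
<?php
// Added example, not WeGIA's code. $stored stands in for a value read back
// from the database; the sample is constructed and deliberately benign.
$stored = '<script>alert(1)</script> Paciente com falta de ar';

// Vulnerable pattern (CWE-79): the stored string is concatenated straight
// into the HTML response, so any markup inside it becomes part of the page
// and runs in every visitor's browser.
function render_unsafe(string $descricao): string
{
    return '<td>' . $descricao . '</td>';
}

// Hardened pattern: encode for the HTML context at the point of output.
// Encoding on output (not only on input) matters because stored data may
// be rendered in several places; ENT_QUOTES covers both quote styles and
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function render_safe(string $descricao): string
{
    $encoded = htmlspecialchars(
        $descricao,
        ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5,
        'UTF-8'
    );
    return '<td>' . $encoded . '</td>';
}

// Optional input validation layer: reject values that are implausibly long
// for a free-text emergency description. This limits damage but is no
// substitute for output encoding.
function validate_descricao(string $descricao, int $maxLen = 2000): bool
{
    return mb_strlen($descricao, 'UTF-8') <= $maxLen;
}

// Defence in depth: a CSP that refuses inline scripts and event handlers,
// so an encoding gap elsewhere still cannot execute injected script.
// The nonce lets the page's own <script nonce="..."> tags keep working.
// header() must be sent before any output is echoed.
$nonce = base64_encode(random_bytes(16));
header("Content-Security-Policy: default-src 'self'; "
     . "script-src 'self' 'nonce-{$nonce}'; object-src 'none'; base-uri 'self'");

if (validate_descricao($stored)) {
    echo render_safe($stored), PHP_EOL;   // displayed as literal text, not markup
}
```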


Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2025-07-14T17:23:35.261Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 6877ccf3a83201eaacdc4940

Added to database: 7/16/2025, 4:01:55 PM

Last enriched: 7/16/2025, 4:17:01 PM

Last updated: 7/16/2025, 8:32:55 PM
