CVE-2025-54078 is a Reflected Cross-Site Scripting (XSS) vulnerability identified in the WeGIA web management application developed by LabRedesCefetRJ. WeGIA is an open-source platform primarily targeting Portuguese-speaking charitable institutions, providing web management functionalities. The vulnerability exists in versions prior to 3.4.6, specifically in the 'personalizacao_imagem.php' endpoint. The issue arises from improper neutralization of user-supplied input in the 'err' parameter, allowing an attacker to inject malicious JavaScript code that is reflected back in the HTTP response without proper sanitization or encoding. This type of vulnerability falls under CWE-79, which involves the failure to correctly sanitize input during web page generation, leading to script injection. Exploitation requires no authentication but does require user interaction, as the victim must visit a crafted URL containing the malicious payload. The CVSS v3.1 base score is 6.5 (medium severity), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), high confidentiality impact (C:H), no integrity or availability impact (I:N/A:N). This means an attacker can remotely execute a script in the context of the victim's browser, potentially stealing sensitive information such as session cookies or performing actions on behalf of the user. Although no known exploits are currently reported in the wild, the vulnerability is publicly disclosed and fixed in version 3.4.6 of WeGIA. Given the nature of the vulnerability, it primarily threatens confidentiality through session hijacking or data theft, without direct impact on system integrity or availability.

For European organizations using WeGIA, particularly charitable institutions or NGOs serving Portuguese-speaking communities or operating multilingual platforms, this vulnerability poses a significant risk to user data confidentiality. Attackers could craft malicious links that, when clicked by legitimate users, execute scripts in their browsers, potentially leading to session hijacking, unauthorized access to sensitive information, or phishing attacks. This could damage the trustworthiness of the organization, lead to data breaches involving personal or donor information, and cause reputational harm. Since WeGIA is focused on charitable institutions, the impact could extend to vulnerable populations relying on these services. Additionally, the medium severity score and ease of exploitation without authentication make it a practical threat. European organizations with multilingual or Portuguese language support, or those collaborating with Portuguese-speaking partners, may be more likely to deploy WeGIA and thus be exposed. The lack of integrity or availability impact limits the threat to confidentiality, but the potential for data leakage and user session compromise remains a concern.

Organizations should promptly upgrade WeGIA installations to version 3.4.6 or later, where the vulnerability is patched. If immediate upgrade is not feasible, implement web application firewall (WAF) rules to detect and block suspicious requests containing script tags or unusual payloads in the 'err' parameter. Input validation and output encoding should be enforced on all user-supplied data, especially parameters reflected in responses. Security teams should conduct code reviews and penetration testing focused on XSS vectors in the application. User awareness training is recommended to reduce the risk of users clicking on malicious links. Additionally, implementing Content Security Policy (CSP) headers can help mitigate the impact of XSS by restricting the execution of unauthorized scripts. Monitoring web server logs for unusual request patterns targeting 'personalizacao_imagem.php' can help detect exploitation attempts. Finally, organizations should ensure session cookies are marked HttpOnly and Secure to reduce the risk of theft via XSS.