
CVE-2025-5713: Cross Site Scripting in SoluçõesCoop iSoluçõesWEB

Severity: Medium
Published: Fri Jun 06 2025 (06/06/2025, 02:31:09 UTC)
Source: CVE Database V5
Vendor/Project: SoluçõesCoop
Product: iSoluçõesWEB

Description

A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250519 and classified as problematic. Affected by this issue is some unknown functionality of the file /fluxos-dashboard of the component Flow Handler. The manipulation of the argument Descrição da solicitação leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

AI-Powered Analysis

Last updated: 07/07/2025, 19:10:48 UTC

Technical Analysis

CVE-2025-5713 is a cross-site scripting (XSS) vulnerability in SoluçõesCoop iSoluçõesWEB affecting versions up to 20250519. It resides in the Flow Handler component, in the /fluxos-dashboard file, and arises from improper sanitization or validation of the 'Descrição da solicitação' parameter, which allows an attacker to inject script content. Because the attack vector is remote and requires no authentication, an attacker can send a crafted request to trigger it. Successful exploitation executes arbitrary JavaScript in the context of the victim's browser session, which can lead to session hijacking, defacement, or redirection to malicious sites. The CVSS v4.0 base score is 5.1 (medium severity). The vulnerability does not directly impact confidentiality or availability but has a limited impact on integrity through script injection. User interaction is required (UI:P): the victim must interact with the malicious payload for the attack to succeed. No exploits have been observed in the wild, but public disclosure increases the risk of exploitation. No official patch or mitigation links are provided; upgrading the affected component is recommended once an update is available.

Potential Impact

For European organizations using SoluçõesCoop iSoluçõesWEB, this vulnerability poses a moderate risk. Since the product is likely used in cooperative or financial environments (given the vendor name), exploitation could lead to session hijacking or theft of sensitive data through browser-based attacks. This could undermine user trust, lead to unauthorized actions within the application, and potentially cause regulatory compliance issues under GDPR if personal data is compromised. The remote and unauthenticated nature of the vulnerability increases the attack surface, especially for web-facing instances. However, the requirement for user interaction limits automated mass exploitation. The impact on availability is negligible, but integrity and confidentiality could be compromised at a limited scale. Organizations with high web traffic or critical workflows relying on iSoluçõesWEB should prioritize remediation to avoid reputational damage and potential financial loss.

Mitigation Recommendations

1. Immediate mitigation should include implementing strict input validation and output encoding on the 'Descrição da solicitação' parameter to neutralize malicious scripts.
2. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers.
3. Conduct thorough code reviews and penetration testing focused on XSS vectors within the Flow Handler component.
4. Monitor web application logs for suspicious input patterns targeting the vulnerable parameter.
5. Educate users about the risks of interacting with untrusted links or inputs within the application.
6. Coordinate with SoluçõesCoop to obtain and apply official patches or updates as soon as they become available.
7. If patching is delayed, consider deploying Web Application Firewalls (WAFs) with custom rules to detect and block exploit attempts targeting this vulnerability.
8. Regularly update and audit all web-facing components to reduce exposure to similar vulnerabilities.
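The following Python sketch is an added illustration of recommendations 1, 2 and 4 above; it is not code from the advisory, from VulDB, or from SoluçõesCoop, whose iSoluçõesWEB source is not public. It assumes a hypothetical request record with a `descricao` field standing in for 'Descrição da solicitação', assumes the value reaches the server as a form parameter named `descricao`, and uses constructed access-log lines. It shows the unsafe reflection pattern beside the output-encoded version, a restrictive CSP header for the dashboard, and a log scan that decodes the parameter (including one level of double encoding) before matching it against markup that never belongs in a free-text description.

```python
import html
import re
import urllib.parse
from dataclasses import dataclass


# Hypothetical stand-in for a request row rendered on /fluxos-dashboard.
# The real iSoluçõesWEB data model is not public; this is an assumption.
@dataclass
class Solicitacao:
    id: int
    descricao: str  # 'Descrição da solicitação': user-controlled free text


def render_unsafe(s: Solicitacao) -> str:
    """Reflects the description verbatim into HTML: the defect class behind
    CVE-2025-5713. Shown only as the 'before' of the fix."""
    return f'<tr><td>{s.id}</td><td class="descricao">{s.descricao}</td></tr>'


def render_safe(s: Solicitacao) -> str:
    """Output encoding for an HTML element body: every '<', '>', '&' and
    quote becomes an entity, so the browser shows the text instead of
    parsing it as markup."""
    return (f'<tr><td>{s.id}</td>'
            f'<td class="descricao">{html.escape(s.descricao, quote=True)}</td></tr>')


def csp_header() -> tuple[str, str]:
    """Defence in depth (recommendation 2): a policy that blocks inline
    scripts and event handlers even if an encoding bug slips through.
    Add a per-response nonce to script-src if the page needs inline JS."""
    policy = ("default-src 'self'; script-src 'self'; object-src 'none'; "
              "base-uri 'self'; frame-ancestors 'none'")
    return ("Content-Security-Policy", policy)


# Markup that should never appear in a legitimate request description.
_SUSPICIOUS = re.compile(
    r"<\s*script|javascript\s*:|on\w+\s*=|<\s*iframe|<\s*svg|<\s*img",
    re.IGNORECASE,
)

# Assumed parameter name; the advisory only gives the field's display label.
_PARAM = re.compile(r"descricao=([^&\s\"]*)")


def flag_suspicious(log_lines):
    """Recommendation 4: return (line_no, decoded_value) for log entries whose
    descricao value looks like HTML or script injection. Decodes twice when
    the first decode still contains percent-escapes, so double-encoded
    submissions are not missed."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = _PARAM.search(line)
        if not m:
            continue
        value = urllib.parse.unquote_plus(m.group(1))
        if "%" in value:
            value = urllib.parse.unquote_plus(value)
        if _SUSPICIOUS.search(value):
            hits.append((n, value))
    return hits


# Constructed sample log lines (not real traffic): one benign submission,
# one single-encoded and one double-encoded injection attempt, one GET.
SAMPLE_LOG = [
    '10.0.0.5 - - [19/May/2025:10:00:01 +0000] "POST /fluxos-dashboard HTTP/1.1" 200 512 '
    '"descricao=Solicita%C3%A7%C3%A3o+de+reembolso"',
    '10.0.0.7 - - [19/May/2025:10:02:13 +0000] "POST /fluxos-dashboard HTTP/1.1" 200 512 '
    '"descricao=%3Cscript%3Ealert%281%29%3C%2Fscript%3E"',
    '10.0.0.9 - - [19/May/2025:10:03:44 +0000] "POST /fluxos-dashboard HTTP/1.1" 200 512 '
    '"descricao=%253Cb%2520onmouseover%253Dalert%25281%2529%253E"',
    '10.0.0.5 - - [19/May/2025:10:05:00 +0000] "GET /fluxos-dashboard HTTP/1.1" 200 4096 "-"',
]


if __name__ == "__main__":
    row = Solicitacao(1, "Pedido <script>alert(1)</script>")
    print(render_unsafe(row))
    print(render_safe(row))
    print(": ".join(csp_header()))
    for line_no, value in flag_suspicious(SAMPLE_LOG):
        print(f"line {line_no}: {value!r}")
```

The escaping shown is correct only for element-body context; a value placed inside an attribute, a URL, or a script block needs the encoder for that context, which is why a template engine with auto-escaping is the better fix than ad hoc calls. The log scan is a triage heuristic for spotting probing against the parameter, not a WAF rule.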


Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-06-05T04:53:04.348Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 6842df031a426642debc963a

Added to database: 6/6/2025, 12:28:51 PM

Last enriched: 7/7/2025, 7:10:48 PM

Last updated: 8/17/2025, 10:44:07 AM

