
CVE-2025-58452: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in LabRedesCefetRJ WeGIA

Low
Tags: Vulnerability, CVE-2025-58452, cve, cwe-79
Published: Mon Sep 08 2025 (09/08/2025, 22:26:24 UTC)
Source: CVE Database V5
Vendor/Project: LabRedesCefetRJ
Product: WeGIA

Description

WeGIA is a Web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the listar_despachos.php endpoint of the WeGIA application prior to version 3.4.11. This vulnerability allows attackers to inject malicious scripts in the id_memorando parameter. Version 3.4.11 contains a patch.

AI-Powered Analysis

Last updated: 09/08/2025, 22:47:12 UTC

Technical Analysis

CVE-2025-58452 is a reflected cross-site scripting (XSS) vulnerability in WeGIA, a web-based management platform for charitable institutions developed by LabRedesCefetRJ. The flaw lies in how the listar_despachos.php endpoint handles the id_memorando parameter: in versions prior to 3.4.11 the value is written into the generated page without proper neutralization, so an attacker can place script in the parameter and have it reflected back to the browser of whoever loads the crafted URL. Exploitation therefore requires getting a victim to open such a link (or submit an equivalent crafted request), after which the injected JavaScript runs in the victim's browser within the origin of the WeGIA site. The CVSS 4.0 base score is 2.1 (Low); the analysis attributes this to a network-reachable attack vector that needs no privileges but does require user interaction and has limited confidentiality, integrity and availability impact (the vector string itself is not reproduced on this page). The bug does not alter server-side state directly, but script running in a victim's authenticated session can issue requests as that user, read page content and form data, redirect to phishing pages or deliver further payloads, and attempt to read the session cookie (direct cookie theft is blocked only if the cookie is marked HttpOnly; the other actions still work). Version 3.4.11 contains the patch, which is expected to validate or encode id_memorando before output. No exploits in the wild have been reported at the time of writing, suggesting limited active exploitation.

Potential Impact

For European organizations, and in particular the charitable institutions that use WeGIA, the risk falls mainly on the staff and administrators who open links to the vulnerable endpoint rather than on the server itself. A successful attack runs attacker-controlled script in the victim's browser session, which can be used to hijack that session, capture credentials or tokens exposed to the page, or redirect the user to a malicious site; for a charity, the resulting exposure of beneficiary or donor data and the loss of user trust can be significant even though backend systems are not directly compromised. The low CVSS score reflects the need for user interaction and the limited scope, not the absence of a realistic attack: phishing campaigns that lean on the trust people place in charitable organizations are a plausible delivery vector for the crafted link. Any deployment still on a version below 3.4.11 remains exposed to these client-side risks.

Mitigation Recommendations

Organizations using WeGIA should first confirm the deployed version and upgrade to 3.4.11 or later, where the issue is patched. Beyond the patch, deploy a Content Security Policy whose script-src does not allow 'unsafe-inline', which prevents a reflected inline payload from executing even if some other endpoint still echoes input unencoded; roll it out with Content-Security-Policy-Report-Only first, because an application that relies on inline scripts will break under an enforcing policy. Treat id_memorando as the integer identifier it is and reject anything else at the input boundary, and apply context-appropriate output encoding consistently across all user-controllable inputs, not only this parameter. Mark session cookies HttpOnly, Secure and SameSite so a reflected payload cannot simply read the session cookie. Security awareness training that teaches users to distrust unexpected links reduces the chance of the required click. Regular security testing, including automated XSS scanning and manual review of code that writes request data into pages, should be part of the development lifecycle. Finally, watch web server logs for requests to listar_despachos.php whose id_memorando value is not a plain number, in particular values containing '<', '>', quotes or their URL-encoded forms such as %3C.
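
The following PHP is an added illustration for the mechanism described in the technical analysis and for the validate-and-encode advice above; it is not WeGIA's code and the real listar_despachos.php is not reproduced on this page. The output shape (a heading that names the memorando), the function names and the file name xss_demo.php are assumptions made for the demonstration.

```php
<?php
// Added illustrative code, not WeGIA's own: how a reflected XSS in a GET
// parameter such as id_memorando arises, and how to neutralize it. The real
// listar_despachos.php is not reproduced on the advisory page, so the output
// shape below is an assumption made only for this demonstration.
declare(strict_types=1);

// VULNERABLE pattern: the raw query-string value is interpolated into HTML.
// listar_despachos.php?id_memorando=<script>alert(1)</script> comes back
// verbatim and the victim's browser executes it in the application's origin.
function render_vulnerable(array $get): string
{
    $id = $get['id_memorando'] ?? '';
    return "<h2>Despachos do memorando {$id}</h2>";
}

// HARDENED pattern, two independent layers:
//  1. Validate at the boundary: id_memorando is an identifier, so accept
//     only a positive integer and refuse everything else before it is used.
//  2. Encode at the sink: anything echoed into HTML goes through
//     htmlspecialchars() with ENT_QUOTES and an explicit charset, so even a
//     future free-text field cannot break out of its text or attribute context.
function validate_id_memorando(array $get): ?int
{
    $raw = $get['id_memorando'] ?? null;
    if (!is_string($raw)) {            // absent, or an array (id_memorando[]=...)
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_hardened(array $get): string
{
    $id = validate_id_memorando($get);
    if ($id === null) {
        if (PHP_SAPI !== 'cli') {
            http_response_code(400);
        }
        // The error path never echoes the rejected value, encoded or not:
        // reflecting attacker input in an error message is the classic mistake.
        return '<p>Invalid id_memorando parameter.</p>';
    }
    return '<h2>Despachos do memorando ' . h((string) $id) . '</h2>';
}

// Defense in depth: a CSP without 'unsafe-inline' stops a reflected inline
// payload from running even if some other endpoint still echoes input raw.
function send_csp_header(): void
{
    if (!headers_sent()) {
        header("Content-Security-Policy: default-src 'self'; script-src 'self'; "
             . "object-src 'none'; base-uri 'self'; frame-ancestors 'self'");
    }
}

// Self-check from the command line: php xss_demo.php
if (PHP_SAPI === 'cli') {
    $payload = ['id_memorando' => '<script>alert(document.cookie)</script>'];
    echo 'vulnerable: ', render_vulnerable($payload), PHP_EOL;
    echo 'hardened:   ', render_hardened($payload), PHP_EOL;
    echo 'hardened:   ', render_hardened(['id_memorando' => '42']), PHP_EOL;
    echo 'hardened:   ', render_hardened(['id_memorando' => ['42']]), PHP_EOL;
}
```

Validation alone would already close this particular hole, because a value that survives FILTER_VALIDATE_INT contains no markup; the encoding layer is kept anyway so that the sink stays safe when someone later reuses the template for a field that is not numeric. The CSP in send_csp_header() is deliberately strict; an application that has inline event handlers or inline script blocks needs them moved to external files (or nonced) before the policy can be enforced, which is why the recommendation above is to start in report-only mode.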

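For the log-monitoring recommendation, here is an added PHP command-line scanner, not part of the advisory or of WeGIA, that flags access-log requests to listar_despachos.php whose id_memorando value is anything other than a plain integer. The log lines are constructed for the demonstration and the directory in the request path is an assumption (only the script name is checked); the scanner also assumes, as the analysis does, that a legitimate id_memorando is numeric.

```php
<?php
// Added example, not part of the advisory or of WeGIA: scan an access log
// for requests to listar_despachos.php whose id_memorando value is not a
// plain integer, which is what an attempt on CVE-2025-58452 looks like in
// the log. The log lines are constructed for this demo, and the directory
// in the request path is an assumption; only the script name is checked.
declare(strict_types=1);

function sample_log(): string
{
    return <<<'LOG'
203.0.113.7 - - [08/Sep/2025:22:30:01 +0000] "GET /memorando/listar_despachos.php?id_memorando=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [08/Sep/2025:22:30:09 +0000] "GET /memorando/listar_despachos.php?id_memorando=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E HTTP/1.1" 200 5310 "-" "Mozilla/5.0"
198.51.100.4 - - [08/Sep/2025:22:31:15 +0000] "GET /memorando/listar_despachos.php?id_memorando=42%2522%2520onmouseover%253Dalert(1) HTTP/1.1" 200 5290 "-" "curl/8.4.0"
198.51.100.4 - - [08/Sep/2025:22:31:20 +0000] "GET /index.php?id_memorando=%3Cb%3E HTTP/1.1" 200 2048 "-" "curl/8.4.0"
LOG;
}

// Split one "combined" format line into the fields the check needs.
function parse_log_line(string $line): ?array
{
    if (!preg_match('/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})/', $line, $m)) {
        return null;
    }
    return ['ip' => $m[1], 'time' => $m[2], 'method' => $m[3], 'target' => $m[4], 'status' => (int) $m[5]];
}

// Why a once-decoded id_memorando value is suspicious, or null if it is a
// plain integer. A second decode catches double-encoded payloads, which
// parse_str() only unwraps once (third sample line above).
function classify_id_memorando(string $value): ?string
{
    foreach ([$value, rawurldecode($value)] as $v) {
        if (preg_match('/[<>"\'`]|javascript:|\bon\w+\s*=/i', $v)) {
            return 'xss-pattern';
        }
    }
    return preg_match('/^\d+$/', $value) === 1 ? null : 'non-numeric';
}

// One finding per request to listar_despachos.php whose id_memorando is
// anything other than a plain integer; other scripts are ignored.
function scan_log(string $log): array
{
    $findings = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        $entry = parse_log_line($line);
        if ($entry === null) {
            continue;
        }
        $path = parse_url($entry['target'], PHP_URL_PATH);
        if (!is_string($path) || basename($path) !== 'listar_despachos.php') {
            continue;
        }
        $query = parse_url($entry['target'], PHP_URL_QUERY);
        parse_str(is_string($query) ? $query : '', $params);
        $id = $params['id_memorando'] ?? null;
        if ($id === null) {
            continue;                    // no parameter at all: nothing to judge
        }
        // parse_str() yields an array for id_memorando[]=...; never a valid id.
        $reason = is_string($id) ? classify_id_memorando($id) : 'non-scalar';
        if ($reason !== null) {
            $findings[] = [
                'time' => $entry['time'], 'ip' => $entry['ip'], 'status' => $entry['status'],
                'reason' => $reason, 'value' => is_string($id) ? $id : json_encode($id),
            ];
        }
    }
    return $findings;
}

// Usage: php scan_despachos.php [access.log]; without an argument the
// constructed sample is scanned and the two crafted requests are reported.
if (PHP_SAPI === 'cli') {
    $log = $argc > 1 ? (string) file_get_contents($argv[1]) : sample_log();
    foreach (scan_log($log) as $f) {
        printf("%s %-13s %-4d %-11s id_memorando=%s\n",
            $f['time'], $f['ip'], $f['status'], $f['reason'], $f['value']);
    }
}
```

The same logic translates directly into a SIEM or WAF rule: match the script name, URL-decode the id_memorando value twice, and alert when it is not purely numeric. A 200 response to such a request on a version below 3.4.11 means the payload was reflected; after the upgrade the same log line still records an attempt worth attributing, which is why the status code is kept in the finding.
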

Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2025-09-01T20:03:06.533Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 68bf5946d5a2966cfc83c8f2

Added to database: 9/8/2025, 10:31:34 PM

Last enriched: 9/8/2025, 10:47:12 PM

Last updated: 9/10/2025, 3:10:20 AM
