CVE-2025-62178 identifies a reflected Cross-Site Scripting (XSS) vulnerability in the WeGIA web management system developed by LabRedesCefetRJ, primarily targeting Portuguese language institutions. The vulnerability is located in the /html/atendido/cadastro_atendido_parentesco_pessoa_nova.php endpoint, specifically in the idatendido parameter, which fails to properly neutralize user-supplied input before rendering it on the web page. This improper input handling allows an attacker to craft a malicious URL containing executable JavaScript code that, when clicked by an authenticated user with sufficient privileges, executes in the victim’s browser context. The vulnerability is classified under CWE-79, indicating improper neutralization of input during web page generation. The CVSS v3.1 base score is 3.5, with vector AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N, indicating network attack vector, low attack complexity, high privileges required, user interaction needed, unchanged scope, and low confidentiality and integrity impacts without availability impact. The vulnerability was fixed in WeGIA version 3.5.1. No public exploits have been reported, suggesting limited active exploitation. The vulnerability could be leveraged to steal session tokens, perform actions on behalf of users, or conduct phishing attacks within the affected application context. Since WeGIA is an open-source tool focused on Portuguese language users, the user base is geographically and linguistically specific, which influences the threat landscape.

For European organizations, the impact of this vulnerability is primarily on confidentiality and integrity within the WeGIA application environment. Attackers exploiting this XSS flaw could hijack user sessions, steal sensitive information, or manipulate user interactions, potentially leading to unauthorized access or data leakage. Although the CVSS score is low, the requirement for high privileges and user interaction limits the attack surface. However, institutions managing sensitive personal or institutional data using WeGIA could face reputational damage and compliance issues if exploited. The vulnerability does not directly affect system availability but could be a stepping stone for more complex attacks if combined with other vulnerabilities. European organizations with Portuguese-speaking user bases or those using WeGIA for institutional management should be particularly vigilant. The lack of known exploits reduces immediate risk but does not eliminate the need for remediation.

1. Upgrade WeGIA to version 3.5.1 or later immediately to apply the official patch that fixes the XSS vulnerability. 2. Implement strict input validation and output encoding on all user-supplied data, especially parameters like idatendido, to prevent injection of malicious scripts. 3. Enforce the principle of least privilege by limiting user permissions to only those necessary, reducing the impact of any successful exploitation. 4. Educate users about the risks of clicking on suspicious links, particularly those requiring authentication, to mitigate social engineering vectors. 5. Deploy Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts within the application context. 6. Monitor web server logs and application behavior for unusual requests or patterns indicative of attempted XSS exploitation. 7. Conduct regular security assessments and code reviews focusing on input handling and sanitization practices. 8. Consider implementing Web Application Firewalls (WAFs) with rules tailored to detect and block reflected XSS attempts targeting the WeGIA application endpoints.