CVE-2025-62358: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in LabRedesCefetRJ WeGIA
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, the log parameter in configuracao_geral.php is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker can inject arbitrary JavaScript, which executes in the victim’s browser. This vulnerability is fixed in 3.5.1.
AI Analysis
Technical Summary
CVE-2025-62358 identifies a reflected Cross-Site Scripting (XSS) vulnerability in WeGIA, a web management platform developed by LabRedesCefetRJ that primarily serves Portuguese language users. The vulnerability resides in the 'log' parameter of the configuracao_geral.php script in versions prior to 3.5.1. Because input is not properly neutralized during web page generation (CWE-79), an attacker can craft a URL whose 'log' parameter carries JavaScript code. When a victim opens this URL, the injected script executes in the victim's browser context, potentially allowing theft of session cookies, redirection to malicious sites, or unauthorized actions performed with the victim's privileges. The vulnerability requires no authentication but does require user interaction (clicking a malicious link). The CVSS 3.1 base score is 5.4 (medium), reflecting a network attack vector, low attack complexity, no privileges required, user interaction required, and limited confidentiality and integrity impact with no availability impact. No exploits in the wild had been reported as of the publication date. The issue is resolved in WeGIA version 3.5.1, where input sanitization or output encoding prevents script injection. Given WeGIA's focus on Portuguese language institutions, the vulnerability primarily threatens organizations using this software for web management, including educational and institutional environments. The reflected XSS can be leveraged in phishing campaigns or targeted attacks to compromise user sessions or deliver secondary payloads.
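The defect class behind this CVE is a query parameter echoed back into HTML without encoding. The following Python snippet is an added illustration of that pattern and of the fix the advisory describes (output encoding); it is not WeGIA's code and the function names are hypothetical. The `<script>` value is a constructed test input, and the comparison shows that entity encoding turns it into inert text.

```python
"""Added example of CWE-79 on a reflected parameter (not WeGIA's code).

Both functions mimic a page that echoes a `log` query parameter into its
response body. The first reproduces the vulnerable pattern; the second applies
HTML entity encoding at the point of output, which is the neutralization the
advisory says version 3.5.1 introduces.
"""
import html


def render_unsafe(log_value: str) -> str:
    # Vulnerable pattern: untrusted input concatenated straight into markup.
    # Whatever the parameter contains is parsed by the browser as HTML.
    return f"<p>Log: {log_value}</p>"


def render_safe(log_value: str) -> str:
    # Hardened pattern: encode for the HTML text context at output time.
    # quote=True also encodes ' and ", so the same helper is safe inside
    # quoted attribute values.
    return f"<p>Log: {html.escape(log_value, quote=True)}</p>"


def reflects_verbatim(rendered: str, log_value: str) -> bool:
    """True when the raw input survives unchanged in the rendered HTML.

    For any value containing '<', '>', '&' or quotes, a safe renderer must
    return False here; this is the property a regression test should pin.
    """
    return log_value in rendered


if __name__ == "__main__":
    # Constructed test value, the textbook marker for a reflection check.
    value = "<script>alert(1)</script>"
    print(render_unsafe(value))  # raw tag survives: executes in the browser
    print(render_safe(value))    # &lt;script&gt;...: rendered as plain text
```

In a real code base the encoding belongs in the template layer rather than in ad hoc calls, and it must match the output context (HTML body, attribute, JavaScript string, URL); `html.escape` covers only the first two.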
Potential Impact
For European organizations, the impact of CVE-2025-62358 centers on the risk of session hijacking, credential theft, or unauthorized actions performed via malicious scripts executed in users' browsers. Institutions using WeGIA for web management may expose their staff or users to phishing or social engineering attacks exploiting this vulnerability. Confidentiality is moderately impacted as attackers can steal sensitive session tokens or personal data accessible via the browser. Integrity is also affected since attackers can perform actions on behalf of users if session tokens are compromised. Availability is not impacted. The requirement for user interaction limits automated exploitation but does not eliminate risk, especially in environments with frequent external communications. European organizations with Portuguese language users or Lusophone communities are more likely to deploy WeGIA, increasing their exposure. The vulnerability could be leveraged in targeted attacks against educational institutions or public sector entities using this platform, potentially leading to reputational damage and data breaches.
Mitigation Recommendations
1. Immediately upgrade WeGIA installations to version 3.5.1 or later, where the vulnerability is patched.
2. Implement strict input validation and output encoding on all user-controllable parameters, especially the 'log' parameter in configuracao_geral.php, to prevent script injection.
3. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers.
4. Educate users about the risks of clicking on suspicious links and implement email filtering to reduce phishing attempts.
5. Monitor web server logs for unusual requests containing suspicious payloads targeting the 'log' parameter.
6. Use web application firewalls (WAFs) with rules to detect and block reflected XSS attack patterns specific to WeGIA.
7. Conduct regular security assessments and penetration testing focusing on input validation weaknesses.
8. For organizations unable to immediately patch, consider disabling or restricting access to vulnerable pages or parameters temporarily.
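Recommendation 5 asks for log monitoring of the 'log' parameter. The script below is an added example (not part of this advisory or of WeGIA) of how that check can be run over access-log lines: it parses the request line of Combined Log Format entries, keeps only requests to configuracao_geral.php, decodes the `log` query parameter (including a second decoding pass for double-encoded values) and flags values that contain HTML tags or a `javascript:` scheme. The log lines are constructed samples; client addresses and timestamps are invented.

```python
"""Added example: flag suspicious `log` parameter values in access logs.

Not the advisory's or WeGIA's code. Assumes Combined Log Format lines and a
script path ending in /configuracao_geral.php; adjust both for your server.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

# Request line inside a Combined Log Format entry: "METHOD TARGET HTTP/x.y"
_REQ = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Markup that has no business in a plain-text log value: an opening or
# closing tag, or a javascript: URL scheme. Matched after full decoding.
_SUSPICIOUS = re.compile(r"<\s*/?[a-z]|javascript:", re.IGNORECASE)

# Constructed sample lines (fictional hosts, addresses and timestamps).
SAMPLE_LOG = [
    '10.0.0.5 - - [13/Oct/2025:21:20:46 +0000] "GET /configuracao_geral.php?log=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [13/Oct/2025:21:21:02 +0000] "GET /configuracao_geral.php?log=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 734 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [13/Oct/2025:21:21:30 +0000] "GET /configuracao_geral.php?log=%253Cscript%253E HTTP/1.1" 200 734 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [13/Oct/2025:21:22:11 +0000] "GET /index.php?log=%3Cb%3E HTTP/1.1" 200 120 "-" "Mozilla/5.0"',
]


def extract_log_param(request_target: str) -> Optional[str]:
    """Return the (once-decoded) `log` value for configuracao_geral.php requests."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("/configuracao_geral.php"):
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get("log")
    return values[0] if values else None


def fully_decode(value: str) -> str:
    # parse_qs already decoded once; a second pass catches %25-encoded payloads.
    return unquote(value)


def is_suspicious(value: str) -> bool:
    return bool(_SUSPICIOUS.search(fully_decode(value)))


def scan(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client_ip, decoded log value) for every flagged request."""
    hits: List[Tuple[str, str]] = []
    for line in lines:
        match = _REQ.search(line)
        if not match:
            continue
        value = extract_log_param(match.group("target"))
        if value is None or not is_suspicious(value):
            continue
        client_ip = line.split(" ", 1)[0]
        hits.append((client_ip, fully_decode(value)))
    return hits


if __name__ == "__main__":
    for ip, payload in scan(SAMPLE_LOG):
        print(f"{ip}: suspicious log parameter {payload!r}")
```

Run it against a real access log with `scan(open(path).read().splitlines())`. Requests from a single source that repeatedly hit this endpoint with markup in the parameter are the signal worth alerting on; a POST body would not appear in the access log, so this check only covers the GET form of the issue.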
Affected Countries
Portugal, Spain, France, Germany, United Kingdom, Belgium, Switzerland, Netherlands
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-10-10T14:22:48.201Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68ed6d2e38344d8bcf324876
Added to database: 10/13/2025, 9:20:46 PM
Last enriched: 10/21/2025, 12:38:16 AM
Last updated: 11/28/2025, 6:46:11 AM