CVE-2025-67496 is a stored Cross-Site Scripting (XSS) vulnerability classified under CWE-79, found in the WeGIA web management system developed by LabRedesCefetRJ. WeGIA is primarily targeted at Portuguese language institutions and is used for managing institutional web resources. The vulnerability exists in versions 3.5.4 and earlier, specifically in the /WeGIA/html/geral/configurar_senhas.php endpoint. The issue arises because the application retrieves employee names from its database and injects them directly into the HTML <option> elements of a dropdown menu without applying proper input sanitization or output encoding. This improper neutralization allows an attacker with at least limited privileges (PR:L) to insert malicious JavaScript code that will be stored persistently in the database and executed in the browsers of users who access the affected page. The attack vector is remote (AV:N), and no user interaction is required (UI:N) once the malicious payload is stored. The vulnerability impacts confidentiality by potentially allowing attackers to steal session cookies or other sensitive information accessible via the browser context. Integrity and availability are not directly affected. The vulnerability has a CVSS v3.1 base score of 4.3, indicating medium severity. The issue is resolved in version 3.5.5 of WeGIA. No known public exploits have been reported to date. The vulnerability highlights the importance of proper output encoding and input validation when rendering dynamic content in web applications, especially in administrative interfaces.

For European organizations using WeGIA, particularly those in Portuguese-speaking communities or institutions with ties to Portuguese language users, this vulnerability poses a risk of session hijacking, data leakage, or unauthorized actions performed via stolen credentials. Since the vulnerability is stored XSS, any authenticated user accessing the vulnerable page could have malicious scripts executed in their browser, potentially compromising sensitive institutional data or user credentials. This could lead to unauthorized access to internal systems or data breaches. Although the vulnerability does not directly affect system availability or integrity, the confidentiality impact can be significant in environments handling personal or institutional data. The medium CVSS score reflects the limited scope of exploitation (requires some privileges) and the lack of user interaction, but the persistent nature of the XSS increases the risk of widespread impact within affected organizations. European institutions that rely on WeGIA for web management should consider this a priority vulnerability to address to maintain compliance with data protection regulations such as GDPR.

1. Upgrade WeGIA to version 3.5.5 or later immediately, as this version contains the fix for the stored XSS vulnerability. 2. If immediate upgrade is not possible, implement web application firewall (WAF) rules to detect and block malicious scripts targeting the /WeGIA/html/geral/configurar_senhas.php endpoint. 3. Conduct a thorough audit of employee names and other user-generated content stored in the database to identify and remove any malicious payloads that may have been injected. 4. Implement strict output encoding for all user-supplied data rendered in HTML contexts, especially within <option> elements, to prevent script injection. 5. Enforce the principle of least privilege for users who can modify employee data to reduce the risk of malicious input insertion. 6. Educate administrators and users about the risks of XSS and encourage vigilance when interacting with web management interfaces. 7. Monitor logs and user activity for unusual behavior that could indicate exploitation attempts. 8. Review and enhance input validation and sanitization routines in custom deployments or forks of WeGIA to prevent similar vulnerabilities.