CVE-2025-67496

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain a Stored Cross-Site Scripting (XSS) vulnerability in the /WeGIA/html/geral/configurar_senhas.php endpoint. The application does not sanitize user-controlled data before rendering it inside the employee selection dropdown. The application retrieves employee names from the database and injects them directly into HTML elements without proper escaping. This issue is fixed in version 3.5.5.

More information : https://github.com/LabRedesCefetRJ/WeGIA/commit/c80b8cacd310fd459df61c030fb267c5e68cafc7