Unrated severity · NVD Advisory · Published Dec 9, 2025 · Updated Dec 10, 2025
WeGia is Vulnerable to XSS through id_pessoa Parameter on Password Configuration Page
CVE-2025-67496
Description
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain a Stored Cross-Site Scripting (XSS) vulnerability in the /WeGIA/html/geral/configurar_senhas.php endpoint. The application does not sanitize user-controlled data before rendering it inside the employee selection dropdown. The application retrieves employee names from the database and injects them directly into HTML elements without proper escaping. This issue is fixed in version 3.5.5.
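The pattern the description refers to, shown as an added example (not WeGIA's code and not the 3.5.5 patch): a dropdown built from database-sourced names, first concatenated raw, then escaped at output time. The function names, the `nome` row key and the sample rows are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for a database result (not real data).
// The second name contains markup, as an attacker-influenced stored value could.
$rows = [
    ['id_pessoa' => 1, 'nome' => 'Maria Souza'],
    ['id_pessoa' => 2, 'nome' => 'Joao </option><b>markup</b>'],
];

// Vulnerable pattern: stored names are concatenated into HTML unescaped,
// so markup inside a name becomes part of the page structure.
function renderOptionsUnsafe(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $html .= '<option value="' . $row['id_pessoa'] . '">' . $row['nome'] . "</option>\n";
    }
    return $html;
}

// Hardened pattern: escape every value for the HTML context at output time.
function e(string $value): string
{
    // ENT_QUOTES escapes both quote styles (needed inside attributes);
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderOptionsSafe(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $id = (int) $row['id_pessoa']; // ids are numeric; the cast enforces that
        $html .= '<option value="' . $id . '">' . e((string) $row['nome']) . "</option>\n";
    }
    return $html;
}

$unsafe = renderOptionsUnsafe($rows);
$safe   = renderOptionsSafe($rows);

// The raw tag survives in the unsafe output and is neutralised in the safe one.
if (strpos($unsafe, '<b>') === false || strpos($safe, '<b>') !== false) {
    throw new RuntimeException('unexpected rendering');
}
echo $safe; // second option text renders as literal "&lt;/option&gt;&lt;b&gt;markup&lt;/b&gt;"
```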
Affected products
- Range: < 3.5.5
References
- github.com/LabRedesCefetRJ/WeGIA/commit/c80b8cacd310fd459df61c030fb267c5e68cafc7 (mitre, x_refsource_MISC)
- github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.5.5 (mitre, x_refsource_MISC)
- github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-9843-qm67-73h2 (mitre, x_refsource_CONFIRM)