CVE-2025-57762 in WeGIA

Summary

by MITRE • 08/21/2025

WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, there is a Stored Cross-Site Scripting (XSS) vulnerability in the dependente_docdependente.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the nome parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.4.7.


Analysis

by VulDB Data Team • 08/21/2025

The CVE-2025-57762 vulnerability represents a critical stored cross-site scripting flaw in the WeGIA web management system designed for charitable institutions. This vulnerability exists within the dependente_docdependente.php endpoint, which serves as a document management interface for dependent records within the charitable organization's database. The flaw specifically affects versions prior to 3.4.7, indicating that the developers identified and remediated this security gap in their software update cycle. The vulnerability's classification as stored XSS means that malicious payloads are not merely reflected in responses but are permanently stored on the server's database, creating a persistent threat vector that can affect multiple users over time.

The technical exploitation of this vulnerability occurs through the nome parameter, which is likely used to capture and store the name of dependents within the charitable institution's records. When an attacker crafts malicious script code and submits it through this parameter, the application fails to properly sanitize or validate the input before storing it in the database. This lack of input validation creates an environment where attacker-controlled code can be persisted and executed automatically whenever legitimate users access the dependent document pages. The stored nature of this vulnerability makes it particularly dangerous because the malicious scripts execute in the context of the victim's browser session, potentially allowing attackers to hijack user sessions, steal sensitive information, or perform unauthorized actions on behalf of authenticated users.

The operational impact of this vulnerability extends beyond simple script execution, as it fundamentally undermines the security posture of charitable institutions using the WeGIA platform. When attackers successfully exploit this flaw, they can manipulate the application's behavior to redirect users to malicious domains, steal session cookies, or inject additional malicious content into the application's interface. The vulnerability creates opportunities for attackers to gain persistent access to sensitive organizational data, potentially compromising donor information, financial records, and confidential dependent details. This risk is particularly severe for charitable organizations that handle sensitive personal information and financial data, as the exploitation could lead to data breaches, identity theft, or financial fraud. The vulnerability also affects the trust relationship between the organization and its users, as compromised applications can be used to spread malware or conduct phishing attacks through the application's interface.

Security mitigations for this vulnerability should focus on implementing robust input validation and output encoding mechanisms throughout the application's data handling processes. The fix implemented in version 3.4.7 likely includes proper sanitization of user inputs, particularly for parameters like nome, to prevent malicious scripts from being stored in the database. Organizations should implement comprehensive parameter validation that rejects or removes potentially dangerous characters and patterns from user inputs before processing or storing them. Additionally, the application should employ proper output encoding when displaying stored data to ensure that any previously injected scripts are rendered harmless. The vulnerability aligns with CWE-79, which specifically addresses cross-site scripting flaws, and could be mapped to ATT&CK technique T1566.001 for initial access through malicious web content, highlighting the importance of input validation in preventing such attacks. Organizations should also implement regular security assessments and penetration testing to identify similar vulnerabilities in other application components, as this type of flaw often indicates broader input validation weaknesses within the application architecture.
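The mitigation described above (validate nome on input, encode on output, and deal with values that are already stored) can be sketched in PHP as follows. This is an added example, not WeGIA's code or the 3.4.7 fix; the function names, the name allow-list, the 100-character limit and the sample rows are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers, not WeGIA's code. Assumes UTF-8 pages, the mbstring
// extension, and names made of letters, marks, spaces, ' . and - only.

/** Input side: return the trimmed name if it passes the allow-list, else null. */
function validate_nome(string $raw): ?string
{
    $nome = trim($raw);
    if ($nome === '' || mb_strlen($nome, 'UTF-8') > 100) {
        return null;
    }
    // Allow-list: anything outside it (including < > " & =) is rejected.
    return preg_match('/^[\p{L}\p{M} \'.\-]+$/u', $nome) === 1 ? $nome : null;
}

/** Output side: encode for HTML element and quoted-attribute context. */
function html_out(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Audit: ids of stored rows whose name fails the allow-list. */
function suspicious_rows(array $rows): array
{
    $ids = [];
    foreach ($rows as $id => $nome) {
        if (validate_nome($nome) === null) {
            $ids[] = $id;
        }
    }
    return $ids;
}

// Constructed sample rows standing in for names saved before the upgrade.
$rows = [
    1 => 'Maria da Silva',
    2 => "João D'Ávila-Souza",
    3 => 'Ana <script>alert(1)</script>',
];

foreach ($rows as $id => $nome) {
    // Encoding at render time neutralises row 3 even though it is already stored.
    echo $id, ': <td>', html_out($nome), "</td>\n";
}
echo 'Rows to review: ', implode(', ', suspicious_rows($rows)), "\n";
```

Output encoding is the control that protects readers of existing records; the allow-list only stops new bad values, so the audit pass is what finds entries stored before the upgrade.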

Responsible

GitHub M

Reservation

08/19/2025

Disclosure

08/21/2025

Moderation

accepted

CPE

ready

EPSS

0.00231

KEV

no

Activities

very low
