CVE-2025-62598 – WeGIA Vulnerable to Reflected Cross-Site Scripting via Endpoint ‘pessoa/editar_info_pessoal.php’ Parameter ‘action’

CVE ID : CVE-2025-62598

Published : Oct. 21, 2025, 5:15 p.m. | 1 hour, 26 minutes ago

Description : WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the action parameter. The vulnerable endpoint is GET /WeGIA/html/pessoa/editar_info_pessoal.php?action=1. This issue has been patched in version 3.5.1.

Severity: 6.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…