CVE-2025-23033

5.4 MEDIUM

📋 TL;DR

This stored XSS vulnerability in WeGIA allows attackers to inject malicious scripts through the 'situacao' parameter in the adicionar_situacao.php endpoint. The scripts are stored on the server and automatically execute when users access affected pages, potentially compromising user data and sessions. All WeGIA users running vulnerable versions are affected.

💻 Affected Systems

Products:
  • WeGIA
Versions: All versions before 3.2.6
Operating Systems: All platforms running WeGIA
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the adicionar_situacao.php endpoint specifically. The application is Portuguese-language, but the vulnerability does not depend on language.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers steal administrator credentials, take over the WeGIA instance, access sensitive charitable donor data, and pivot to internal networks.

🟠 Likely Case

Session hijacking, credential theft, defacement of web pages, and data exfiltration from users accessing vulnerable pages.

🟢 If Mitigated

Limited impact with proper input validation and output encoding, potentially only affecting non-sensitive user data.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Stored XSS vulnerabilities are commonly exploited. Exploitation requires access to the vulnerable endpoint, but no authentication bypass is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.6

Vendor Advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-r8fq-hqr2-v5j9

Restart Required: No

Instructions:

1. Backup your WeGIA instance and database.
2. Download WeGIA version 3.2.6 from the official repository.
3. Replace vulnerable files with the patched version.
4. Verify the fix by testing the adicionar_situacao.php endpoint.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement server-side input validation to sanitize the 'situacao' parameter

Modify adicionar_situacao.php to include: htmlspecialchars($_POST['situacao'], ENT_QUOTES, 'UTF-8')
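The following is an added illustration of the two halves of a durable fix for this parameter (validate on input, encode at the HTML output context); it is not WeGIA's own code, and the table, column and function names are hypothetical placeholders. The one-line workaround above encodes at storage time, which is a reasonable stopgap; encoding where the value is rendered keeps the stored data usable in other contexts.

```php
<?php
// Added example, not WeGIA's code. Table/column/function names are hypothetical.
declare(strict_types=1);

// Accept only what a status label ("situação") legitimately needs:
// non-empty, bounded-length UTF-8 text without control characters.
function validateSituacao(string $raw): ?string
{
    $value = trim($raw);
    if ($value === '' || mb_strlen($value, 'UTF-8') > 100) {
        return null;
    }
    // Letters (including accented), digits, spaces and basic punctuation only.
    if (!preg_match('/^[\p{L}\p{N} .,\-_()]+$/u', $value)) {
        return null;
    }
    return $value;
}

// Persist the validated value with a prepared statement. The value is stored
// as entered; HTML encoding belongs at the output context, not in the database.
function storeSituacao(PDO $db, string $situacao): void
{
    $stmt = $db->prepare('INSERT INTO situacao (descricao) VALUES (:d)');
    $stmt->execute([':d' => $situacao]);
}

// Encode for an HTML body or attribute context. ENT_QUOTES escapes both quote
// styles, so the same output is safe inside quoted attribute values too.
function renderSituacao(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Hypothetical request wiring for adicionar_situacao.php.
$input = validateSituacao((string)($_POST['situacao'] ?? ''));
if ($input === null) {
    http_response_code(400);
    exit('Situação inválida.');
}
// storeSituacao($pdo, $input);  // $pdo: the application's existing PDO connection (assumed)
echo '<td>' . renderSituacao($input) . '</td>';
```

With this pattern a submitted `<script>alert('XSS')</script>` is rejected by validateSituacao before storage, and any previously stored value containing markup is rendered as inert text by renderSituacao.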

🧯 If You Can't Patch

  • Implement a Web Application Firewall (WAF) with XSS protection rules
  • Disable or restrict access to the adicionar_situacao.php endpoint

🔍 How to Verify

Check if Vulnerable:

Test the adicionar_situacao.php endpoint by submitting a script payload such as <script>alert('XSS')</script> in the 'situacao' parameter and checking whether it executes when the page is viewed.

Check Version:

Check the WeGIA version in the admin panel, or review the application files for version indicators.

Verify Fix Applied:

Attempt the same XSS payload test after patching; the script should be properly encoded and not execute.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to adicionar_situacao.php with script tags or JavaScript code in parameters
  • Multiple failed XSS attempts

Network Indicators:

  • HTTP requests containing script tags or JavaScript in POST data to the vulnerable endpoint

SIEM Query:

source="web_logs" AND uri="*adicionar_situacao.php*" AND (body="*<script>*" OR body="*javascript:*")
