CVE-2025-30366
📋 TL;DR
WeGIA versions before 3.2.8 have a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into web pages. These scripts execute in users' browsers when they view compromised pages, potentially affecting all users of the charitable institution management system.
💻 Affected Systems
- WeGIA
📦 What is this software?
WeGIA, a web-based management system for charitable institutions, maintained by the WeGIA project (LabRedesCefetRJ on GitHub).
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies, redirect users to malicious sites, deface the application, or perform actions on behalf of authenticated users, potentially compromising the entire charitable institution's operations.
Likely Case
Attackers inject malicious scripts to steal user session cookies or credentials, leading to account takeover and unauthorized access to sensitive charitable institution data.
If Mitigated
With proper input validation and output encoding, the risk is reduced to minimal, though the vulnerability still exists in the codebase.
🎯 Exploit Status
Stored XSS typically requires some level of access to input fields, but once injected, affects all users viewing the compromised page.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.2.8
Vendor Advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-pwr9-fr8r-8h48
Restart Required: Yes
Instructions:
1. Back up your current WeGIA installation and database.
2. Download WeGIA version 3.2.8 from the official repository.
3. Replace the existing installation with the new version.
4. Restart the web server service.
5. Verify that the update was successful.
🔧 Temporary Workarounds
Input Validation Filter
Implement server-side input validation to sanitize user inputs before storing them in the database. Note that htmlspecialchars() is an HTML-encoding function: applying it at input time only protects pages that render the stored value in an HTML body context, so the same encoding also belongs at the point where stored values are written into a page.
# Add input sanitization in PHP code before database insertion
# Example: htmlspecialchars($input, ENT_QUOTES, 'UTF-8')
Content Security Policy
Implement a strict Content Security Policy header to restrict script execution sources. The policy below disallows inline scripts and event-handler attributes, so test the application under it before deploying; it limits what an injected script can do but does not remove a payload that is already stored.
# Add to web server configuration or PHP header
Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
# In PHP: header("Content-Security-Policy: default-src 'self'; script-src 'self'")
🧯 If You Can't Patch
- Implement a Web Application Firewall (WAF) with XSS protection rules
- Disable user input fields that could be vulnerable until patching is possible
🔍 How to Verify
Check if Vulnerable:
Check the WeGIA version in the admin panel or by examining the application files. If version is below 3.2.8, the system is vulnerable.
Check Version:
Check WeGIA admin dashboard or examine the application's version file if available
Verify Fix Applied:
After updating to 3.2.8, verify the version in the admin panel and test input fields for proper sanitization by attempting to inject basic XSS payloads.
📡 Detection & Monitoring
Log Indicators:
- Unusually long input strings in form submissions
- Script tags or JavaScript code in user input logs
- Multiple failed login attempts followed by successful login from same IP
Network Indicators:
- HTTP requests containing script tags or JavaScript in parameters
- Unusual outbound connections from user browsers to external domains
SIEM Query:
source="wegia_logs" AND (message="*<script>*" OR message="*javascript:*" OR message="*onload=*" OR message="*onerror=*")
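The SIEM query above matches literal, case-sensitive strings, so it misses the same payload when it arrives URL-encoded, double-encoded, entity-encoded or in mixed case. The following added example (not part of the original advisory or of WeGIA) applies the query's four indicators to constructed sample request-log lines after decoding; the paths and field names in the sample lines are placeholders, not WeGIA's real endpoints.

```python
import html
import re
from urllib.parse import unquote_plus

# The same indicators as the SIEM query above, but matched
# case-insensitively and after decoding, which the literal query cannot do.
XSS_INDICATORS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "javascript_uri": re.compile(r"javascript\s*:", re.I),
    "event_handler": re.compile(r"\bon(?:load|error)\s*=", re.I),
}

def normalize(value: str) -> str:
    """Peel off URL encoding (repeated, to handle double encoding) and HTML
    entities so %3Cscript%3E and &lt;script&gt; match like <script>."""
    prev = None
    while value != prev:
        prev, value = value, unquote_plus(value)
    return html.unescape(value)

def find_xss_indicators(line: str) -> list[str]:
    """Names of the indicators present in one log line after normalization."""
    text = normalize(line)
    return [name for name, rx in XSS_INDICATORS.items() if rx.search(text)]

def scan_logs(lines: list[str]) -> dict[int, list[str]]:
    """Map line index -> matched indicator names, for lines with any match."""
    results = {}
    for i, line in enumerate(lines):
        hits = find_xss_indicators(line)
        if hits:
            results[i] = hits
    return results

# Constructed sample request-log lines (placeholder paths and fields,
# not WeGIA's real endpoints).
SAMPLE_LOGS = [
    "POST /app/form.php nome=Maria",                                   # benign
    "POST /app/form.php descricao=<script>alert(1)</script>",          # plain
    "POST /app/form.php descricao=%3CScRiPt%3Ealert(1)%3C%2Fscript%3E",  # URL-encoded, mixed case
    "GET /app/view.php?x=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E",  # double-encoded
    "POST /app/form.php descricao=&lt;svg onload=alert(1)&gt;",        # HTML entities
    "GET /app/view.php?next=JaVaScRiPt%3Aalert(1)",                    # URI scheme
]

if __name__ == "__main__":
    for idx, hits in scan_logs(SAMPLE_LOGS).items():
        print(idx, hits, SAMPLE_LOGS[idx])
```

Only the first sample line is clean; the literal SIEM query would have flagged just the second.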