CVE-2025-67496

4.3 MEDIUM

📋 TL;DR

This stored XSS vulnerability in WeGIA allows attackers to inject malicious scripts into employee selection dropdowns, which execute when administrators view the password configuration page. All users of WeGIA versions 3.5.4 and below are affected. The vulnerability requires an attacker to have access to modify employee data in the database.

💻 Affected Systems

Products:
  • WeGIA
Versions: 3.5.4 and below
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation and requires no special configuration to be exploitable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator session cookies, perform actions as administrators, or redirect users to malicious sites, potentially leading to full system compromise.

🟠 Likely Case

Attackers with database access could inject scripts to steal administrator credentials or perform limited unauthorized actions within the application.

🟢 If Mitigated

With proper input validation and output encoding, the risk is eliminated as malicious scripts would be rendered harmless.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires ability to modify employee names in the database, which typically requires some level of access to the application or database.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.5.5

Vendor Advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-9843-qm67-73h2

Restart Required: No

Instructions:

1. Back up your current installation and database.
2. Download version 3.5.5 from the official GitHub repository.
3. Replace the vulnerable file /WeGIA/html/geral/configurar_senhas.php with the patched version.
4. Verify the fix by checking that employee names are properly HTML-encoded in the dropdown.

🔧 Temporary Workarounds

Manual Input Sanitization (platform: all)

Add HTML entity encoding to employee names before they are rendered in the dropdown options.

Edit /WeGIA/html/geral/configurar_senhas.php and wrap employee name output with htmlspecialchars() or an equivalent encoding function.
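The workaround above, sketched as an added example; this is not WeGIA's code, and the function names, array keys and sample rows are hypothetical. It shows the unencoded dropdown pattern next to the encoded one and checks that stored markup comes out as plain text, which is also the check to run when verifying the fix.

```php
<?php
// Added example with hypothetical names; not taken from configurar_senhas.php.

/** Encode a value for HTML text and quoted-attribute contexts. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Vulnerable pattern: database values concatenated into markup unencoded. */
function render_options_unsafe(array $employees): string
{
    $html = '';
    foreach ($employees as $e) {
        $html .= '<option value="' . $e['id'] . '">' . $e['name'] . "</option>\n";
    }
    return $html;
}

/** Hardened pattern: every database value is encoded at output time. */
function render_options_safe(array $employees): string
{
    $html = '';
    foreach ($employees as $e) {
        $html .= '<option value="' . h((string) $e['id']) . '">'
               . h((string) $e['name']) . "</option>\n";
    }
    return $html;
}

// Constructed sample rows; the second name is a harmless markup marker
// standing in for a stored value that breaks out of the <option> element.
$employees = [
    ['id' => 1, 'name' => 'Ana Souza'],
    ['id' => 2, 'name' => '</option></select><b data-test="x">marker</b>'],
];

echo render_options_unsafe($employees), "----\n";
$safe = render_options_safe($employees);
echo $safe;

// Verification: no tag from stored data survives, and the markup is entity-encoded.
if (strpos($safe, '<b ') !== false || strpos($safe, '&lt;/option&gt;') === false) {
    fwrite(STDERR, "employee names are not HTML-encoded\n");
    exit(1);
}
echo "OK: stored markup rendered as text\n";
```

Encoding belongs at the point of output, so it protects the page even when a name was written to the database through a path that skips input validation.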

🧯 If You Can't Patch

  • Implement a web application firewall (WAF) with XSS protection rules
  • Restrict database access to prevent unauthorized modification of employee names

🔍 How to Verify

Check if Vulnerable:

Check if your WeGIA version is 3.5.4 or below by examining the application version in the interface or configuration files.

Check Version:

Check the application's version.php file or admin interface for version information

Verify Fix Applied:

After patching, attempt to inject HTML/script content into employee names and verify it appears as plain text rather than executing in the dropdown.

📡 Detection & Monitoring

Log Indicators:

  • Unusual modifications to employee records in database logs
  • Administrator sessions accessing configurar_senhas.php with suspicious parameters

Network Indicators:

  • HTTP requests to configurar_senhas.php with script tags or JavaScript in parameters

SIEM Query:

source="web_logs" AND uri="/WeGIA/html/geral/configurar_senhas.php" AND (query CONTAINS "<script>" OR query CONTAINS "javascript:")
