CVE-2026-23725

5.4 MEDIUM

📋 TL;DR

A stored cross-site scripting (XSS) vulnerability in WeGIA web manager allows attackers to inject malicious JavaScript into the adopters information table. Any user visiting the affected pages will automatically execute the injected payload. This affects all WeGIA installations prior to version 3.6.2.

💻 Affected Systems

Products:
  • WeGIA
Versions: All versions prior to 3.6.2
Operating Systems: Any
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default installation of affected versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, perform actions as authenticated users, redirect to malicious sites, or install malware on user systems.

🟠 Likely Case

Session hijacking, credential theft, or defacement of the adopters information pages.

🟢 If Mitigated

Limited impact with proper input validation and output encoding in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires ability to submit data to affected endpoints, but payload execution is automatic for all visitors.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.6.2

Vendor Advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-c85q-4fwg-99gw

Restart Required: No

Instructions:

1. Download WeGIA 3.6.2 from GitHub releases.
2. Back up the current installation.
3. Replace affected files with the patched versions.
4. Verify functionality.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement server-side input validation to sanitize user input before processing.

Not applicable - requires code modification

Content Security Policy

all

Implement CSP headers to restrict script execution sources.

Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Header set X-Content-Type-Options "nosniff"

🧯 If You Can't Patch

  • Disable or restrict access to affected endpoints (/html/pet/adotantes/cadastro_adotante.php and /html/pet/adotantes/informacao_adotantes.php)
  • Implement web application firewall (WAF) rules to block XSS payloads

🔍 How to Verify

Check if Vulnerable:

Check if version is below 3.6.2 and test for XSS payload injection in adopters information fields.

Check Version:

Check WeGIA configuration files or admin panel for version information

Verify Fix Applied:

Verify version is 3.6.2 or higher and test that XSS payloads are properly sanitized in output.

📡 Detection & Monitoring

Log Indicators:

  • Unusual JavaScript in form submissions
  • Multiple requests to adopters endpoints with script tags

Network Indicators:

  • HTTP requests containing script tags or JavaScript payloads to affected endpoints

SIEM Query:

source="web_logs" AND (uri="/html/pet/adotantes/cadastro_adotante.php" OR uri="/html/pet/adotantes/informacao_adotantes.php") AND (content="<script>" OR content="javascript:")
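As an added example (not from the advisory or the WeGIA project), the following Python applies the same indicators as the SIEM query above to web-server access-log lines, URL-decoding the request target so that encoded or double-encoded payloads that the literal "<script>" match would miss are still flagged. The log lines are constructed; a standard access log only shows the query string, so POST bodies to the registration endpoint need request-body or WAF logging to be covered.

```python
import re
from urllib.parse import unquote_plus

# Endpoints named in the advisory (WeGIA adopter registration/info pages).
AFFECTED_URIS = (
    "/html/pet/adotantes/cadastro_adotante.php",
    "/html/pet/adotantes/informacao_adotantes.php",
)

# Indicators from the SIEM query plus common variants (event handlers, HTML tags).
XSS_PATTERNS = re.compile(
    r"<\s*script\b|javascript\s*:|\bon[a-z]+\s*=|<\s*(img|svg|iframe)\b",
    re.IGNORECASE,
)

# Apache/nginx "combined" access-log format; only the request line is needed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def classify(line):
    """Return (path, decoded_target) when an affected endpoint is hit with an XSS indicator, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = m.group("target")
    path = target.split("?", 1)[0]
    if path not in AFFECTED_URIS:
        return None
    decoded = target
    for _ in range(3):  # decode repeatedly so %253C (double-encoded '<') is caught too
        new = unquote_plus(decoded)
        if new == decoded:
            break
        decoded = new
    return (path, decoded) if XSS_PATTERNS.search(decoded) else None

def scan(lines):
    """Run classify() over an iterable of log lines and keep the hits."""
    return [hit for hit in (classify(l) for l in lines) if hit]

# Constructed sample log lines (not from a real WeGIA deployment).
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Jan/2026:12:00:01 +0000] "GET /html/pet/adotantes/informacao_adotantes.php HTTP/1.1" 200 5120',
    '10.0.0.7 - - [10/Jan/2026:12:00:02 +0000] "GET /html/pet/adotantes/cadastro_adotante.php?nome=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 300',
    '10.0.0.8 - - [10/Jan/2026:12:00:03 +0000] "GET /html/pet/adotantes/cadastro_adotante.php?nome=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 300',
    '10.0.0.9 - - [10/Jan/2026:12:00:04 +0000] "GET /index.php?q=%3Cscript%3E HTTP/1.1" 200 100',
]
```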
