CVE-2026-45025
Stored XSS in WeGIA Web Manager Prior to 3.7.3
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wegia | wegia | to 3.7.3 (exc) |
| labredescefetrj | wegia | to 3.7.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows authenticated users to inject malicious JavaScript that can lead to session hijacking and account takeover. Such unauthorized access and potential data breaches could impact compliance with standards like GDPR and HIPAA, which require protection of user data and secure access controls.
However, the provided information does not explicitly mention the impact on compliance with these regulations.
Can you explain this vulnerability to me?
CVE-2026-45025 is a Stored Cross-Site Scripting (XSS) vulnerability in the WeGIA web manager application, specifically in the "Etapas de um Processo" page (html/atendido/etapa_processo.php).
The vulnerability occurs because the application does not properly sanitize or encode user input in this page, allowing an authenticated user to inject malicious JavaScript code into the "description" field.
When other users access this page, the injected malicious script executes in their browsers.
This can lead to session hijacking and account takeover.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to hijack user sessions and take over accounts within the WeGIA application.
Since the malicious JavaScript executes in the context of the user's browser, attackers can steal session cookies or perform actions on behalf of the user without their consent.
This compromises the confidentiality and integrity of user accounts and data.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by verifying if the WeGIA application version is prior to 3.7.3 and by checking if the "Etapas de um Processo" page (html/atendido/etapa_processo.php) allows injection of malicious JavaScript in the "description" field.
Since the vulnerability involves stored Cross-Site Scripting (XSS), detection can involve attempting to inject benign test scripts into the "description" field as an authenticated user and then accessing the page to see if the script executes.
No specific commands are provided in the available resources, but general detection steps include:
- Check the application version to confirm if it is older than 3.7.3.
- Use a web proxy tool (e.g., Burp Suite) to intercept and modify requests to the "description" field with test JavaScript payloads.
- Access the affected page to observe if the injected script executes, indicating the presence of the vulnerability.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade the WeGIA application to version 3.7.3 or later, where the vulnerability has been fixed.
Until the upgrade can be applied, restrict authenticated user permissions to limit who can input data into the "description" field on the "Etapas de um Processo" page.
Additionally, monitor and audit user inputs for suspicious scripts and consider implementing web application firewall (WAF) rules to detect and block malicious JavaScript payloads targeting this page.