
CVE-2025-23038: Medium Vulnerability in WeGIA

A stored cross-site scripting vulnerability in WeGIA allows attackers to inject scripts through the `remuneracao.php` endpoint; the stored payload then executes in the browser of any user who views the affected page. Organizations should patch to mitigate risk.

MEDIUM · CVSS 6.4 · Published January 14, 2025


CVE-2025-23038 is a medium-severity vulnerability affecting WeGIA, an open-source web management application for charitable institutions, developed in Portuguese. The issue is a Stored Cross-Site Scripting (XSS) flaw in the `remuneracao.php` endpoint: an attacker can place script content in the `descricao` parameter, and because that value is persisted server-side, the script runs automatically, without further attacker interaction, whenever any user opens the page that renders the stored record.

The root cause is missing validation and sanitization of the `descricao` parameter handled by `remuneracao.php`: the value is stored and later rendered into HTML without output encoding, so browsers interpret attacker-supplied markup as part of the page. Once exploited, the payload executes in the victim's session with that user's privileges, which can expose session data and application records. No workaround is known, so upgrading is the only remediation.
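To make the pattern concrete, the following is an added example written for this page; it is not WeGIA's code, and the record shape, table column and function names are assumptions. It shows a hypothetical "remuneração" (remuneration) record whose `descricao` field is rendered raw, beside the hardened version that applies contextual HTML output encoding and rejects markup at the input boundary.

```php
<?php
// Added example, not WeGIA's own code. Record layout and function names are
// assumptions made for illustration of the CVE-2025-23038 bug class.

declare(strict_types=1);

// Constructed input: a value an attacker might submit as the `descricao` parameter.
$submittedDescricao = '<script>alert(document.cookie)</script>';

// --- Vulnerable pattern -----------------------------------------------------
// The raw parameter is stored and later concatenated straight into HTML, so the
// browser parses the stored string as markup and runs the script for every viewer.
function renderVulnerable(array $record): string
{
    return '<td class="descricao">' . $record['descricao'] . '</td>';
}

// --- Hardened pattern -------------------------------------------------------
// Contextual output encoding for an HTML element body. ENT_QUOTES also makes the
// result safe inside quoted attributes; ENT_HTML5 plus an explicit charset avoids
// encoding surprises with multibyte input.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function renderHardened(array $record): string
{
    return '<td class="descricao">' . escapeHtml($record['descricao']) . '</td>';
}

// Defence in depth at the input boundary: a remuneration description has no
// business containing angle brackets, so reject them before storage. This is an
// added layer, not a replacement for output encoding, because other write paths
// (imports, older records, database edits) bypass request validation.
function isValidDescricao(string $value): bool
{
    return strlen($value) <= 255 && preg_match('/[<>]/', $value) !== 1;
}

// Simulated storage; in the real application this is a database round trip.
$stored = ['id' => 1, 'descricao' => $submittedDescricao];

echo "Vulnerable output:\n", renderVulnerable($stored), "\n\n";
echo "Hardened output:\n", renderHardened($stored), "\n\n";
echo 'Input accepted by validation? ', isValidDescricao($submittedDescricao) ? 'yes' : 'no', "\n";
```

The vulnerable branch emits the `<script>` tag verbatim; the hardened branch emits `&lt;script&gt;alert(document.cookie)&lt;/script&gt;`, which the browser displays as text. One caveat for teams applying the WeGIA update: whether records injected before the upgrade remain dangerous depends on whether the fix encodes on output or only filters on input, so reviewing existing `descricao` values for markup after patching is a reasonable precaution.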

WeGIA has addressed this issue in version 3.2.6. Organizations running earlier versions should upgrade promptly; until they do, every user who views the affected page is exposed to whatever script an attacker has stored, with the resulting risk of session compromise, data exposure and unauthorized actions performed under the victim's privileges. Given the sensitive personal and financial data charitable institutions manage, patching should be prioritized.

As of now, no public exploit has been confirmed in databases such as Exploit DB, and the vulnerability has not been added to the Known Exploited Vulnerabilities (KEV) catalog. Low exploit maturity should not be read as low risk: stored XSS requires little tooling beyond the ability to submit the affected form, and the weakness is documented publicly.

Security teams should therefore monitor WeGIA deployments for signs of exploitation, for example unexpected markup in stored remuneration descriptions or unusual requests to `remuneracao.php`.

For more information on vulnerability management and remediation strategies, organizations should consider implementing an effective vulnerability management program that aligns with their security posture.

Additionally, it is essential to incorporate continuous security assessments and penetration testing to identify similar weaknesses in applications.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

