Key Information

Vulnerability Type
Cross-Site Scripting (XSS): Reflected Cross-Site Scripting

Affected Endpoint and Parameter
Affected Endpoint:
Affected Parameter:

Affected Versions
Affected Versions: <= 3.4.2
Fixed Version: 3.4.7

Description
Vulnerability Description: A reflected XSS vulnerability was discovered in the endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts via the parameter.

Details
Vulnerable Request: GET
Issue: The application fails to validate and sanitize user input in the parameter, allowing malicious payloads to be injected and reflected back in the server's response, subsequently executed in the victim's browser context.

PoC (Proof of Concept)
Payload:

Impact
Potential Impact:
- Theft of user login credentials
- Defacement of the website
- Execution of any action the user is authorized to perform
- Redirection of users to competing sites

Severity
CVSS v3 Base Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Required Privileges: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality: High
- Integrity: None
- Availability: None

CVE ID: CVE-2025-57765
Weakness: CWE-79