Cross-site scripting in WeGIA - CVE-2025-22132
Published: January 7, 2025 / Updated: May 2, 2026
WeGIA
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary scripts in a victim's browser.
The vulnerability exists due to cross-site scripting in the file upload functionality of /WeGIA/html/socio/sistema/controller/controla_xlsx.php when handling uploaded files. A remote attacker can upload a specially crafted file containing malicious JavaScript code to execute arbitrary scripts in a victim's browser.
User interaction is required to open the uploaded file.