WeGIA, Stored XSS, CVE-2025-30362 (Medium)

How CVE-2025-30362 Works

The stored XSS vulnerability in WeGIA (Web manager for charitable institutions) prior to version 3.2.8 occurs due to insufficient input sanitization in user-controllable fields. Attackers inject malicious JavaScript payloads into web forms (e.g., donation comments, user profiles), which are permanently stored in the database. When legitimate users access pages containing the injected payload, the script executes in their browser context. This allows session hijacking, defacement, or credential theft. The vulnerability stems from missing output encoding when rendering user-supplied data in HTTP responses.

DailyCVE Form

Platform: WeGIA
Version: <3.2.8
Vulnerability: Stored XSS
Severity: Medium
Date: 04/10/2025

What Undercode Says:

Exploitation:

<script>alert(document.cookie)</script>
POST /donate HTTP/1.1
Host: victim.com
Content-Type: application/x-www-form-urlencoded
comment=<script>exfiltrate()</script>

Detection:

grep -rn 'echo $_GET' /var/www/wegia/
SELECT * FROM donations WHERE comment LIKE '%<%';

Mitigation:

<?php
echo htmlspecialchars($user_input, ENT_QUOTES, 'UTF-8');
?>
add_header Content-Security-Policy "default-src 'self'";
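The following is an added illustration of the root cause described above (user-supplied data concatenated into HTML with no output encoding) next to the encoded form the Mitigation section recommends. It is example code written for this page, not WeGIA's own code; the template strings and function names are hypothetical, and html.escape(quote=True) plays the role of PHP's htmlspecialchars() with ENT_QUOTES.

```python
import html

# Constructed stored comment of the kind the advisory describes (alert only).
STORED_COMMENT = "<script>alert(document.cookie)</script>"


def render_vulnerable(comment: str) -> str:
    """Pre-3.2.8 pattern: the stored comment is dropped straight into the markup,
    so a <script> tag stored in the database becomes live script on every page view."""
    return f'<p class="comment">{comment}</p>'


def render_encoded(comment: str) -> str:
    """HTML body context with output encoding: '<', '>', '&' and quotes become entities,
    so the browser displays the payload as text instead of executing it."""
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


def render_attribute(comment: str, quote_attr: bool) -> str:
    """Single-quoted attribute context. quote_attr=False mimics htmlspecialchars()
    without ENT_QUOTES: the single quote is left alone, so it can terminate the
    attribute early. quote_attr=True (ENT_QUOTES) encodes it as &#x27;."""
    return f"<input type='text' value='{html.escape(comment, quote=quote_attr)}'>"


if __name__ == "__main__":
    print(render_vulnerable(STORED_COMMENT))   # script tag survives intact
    print(render_encoded(STORED_COMMENT))      # &lt;script&gt;...&lt;/script&gt;
    print(render_attribute("it's", quote_attr=False))
    print(render_attribute("it's", quote_attr=True))
```

The encoding must match the context the value lands in: body text, attribute values and JavaScript strings each need their own escaping, which is why the ENT_QUOTES flag in the PHP snippet above matters for anything rendered inside an attribute.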

Patch Verification:

curl -s http://localhost/version | grep "3.2.8"

Tooling:

  • OWASP ZAP: `zap-cli quick-scan -s xss http://target`
  • Burp Suite: XSS Validator extension

Log Analysis:

tail -f /var/log/wegia/access.log | grep -E "<script|onerror="
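The grep above only matches payloads that appear literally in the log; a browser submits form data percent-encoded, so %3Cscript%3E and onerror%3D slip past it. The added example below (written for this page, not part of WeGIA or the advisory) URL-decodes each line before applying the same markers, and applies the same check to stored comment rows so the review list is narrower than the Detection section's LIKE '%<%' query. The log lines and rows are constructed sample data, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote_plus

# The markers the advisory's grep looks for (<script, onerror=), generalised to
# any on*= event-handler attribute. Applied only after URL-decoding.
XSS_MARKERS = re.compile(r"<\s*script|\bon\w+\s*=", re.IGNORECASE)


def decode_for_inspection(text: str, rounds: int = 2) -> str:
    """URL-decode up to `rounds` times so double-encoded values are inspected too."""
    for _ in range(rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text


def is_suspicious(value: str) -> bool:
    return XSS_MARKERS.search(decode_for_inspection(value)) is not None


def scan_access_log(lines):
    """Return (line_number, line) for access-log entries carrying a marker."""
    return [(n, line) for n, line in enumerate(lines, 1) if is_suspicious(line)]


def scan_stored_comments(rows):
    """rows: iterable of (id, comment) as fetched from the donations table.
    Unlike LIKE '%<%', a harmless '5 < 10' is not flagged."""
    return [row_id for row_id, comment in rows if is_suspicious(comment)]


# Constructed sample access-log lines (not real WeGIA logs).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Apr/2025:10:01:02 +0000] "GET /donate HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Apr/2025:10:01:09 +0000] "POST /donate?comment=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 302 0',
    '198.51.100.7 - - [10/Apr/2025:10:02:30 +0000] "GET /profile?name=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 2048',
    '198.51.100.7 - - [10/Apr/2025:10:03:00 +0000] "GET /donate?comment=5+%3C+10 HTTP/1.1" 200 512',
]

# Constructed sample rows standing in for the donations table.
SAMPLE_ROWS = [
    (1, "Thank you for the work you do!"),
    (2, "<script>alert(document.cookie)</script>"),
    (3, "donation of 5 < 10 reais"),
    (4, '<img src=x onerror="alert(1)">'),
]

if __name__ == "__main__":
    for n, line in scan_access_log(SAMPLE_LOG):
        print(f"log line {n}: {line}")
    print("stored rows to review:", scan_stored_comments(SAMPLE_ROWS))
```

Note that POST bodies are not written to a standard access log, so only payloads that travel in the query string are visible this way; the stored-row scan is the reliable check for what actually reached the database.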

WAF Rules:

SecRule ARGS "@contains <script>" "id:1001,phase:2,deny,status:403"

Backup Cleanup:

find /backups/ -name "*.sql" -exec sed -i '/<script>/d' {} \;
Note: this deletes every dump line containing the string, which in a SQL dump is usually a whole INSERT statement; list the matches with grep first and review them before running sed -i.

References:

Reported By: https://nvd.nist.gov/vuln/detail/CVE-2025-30362