Lucene search
K

654 matches found

EUVD
EUVD
added 2026/04/17 8:27 p.m.6 views

EUVD-2026-23531

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability was identified in the 'Member Registration' Cadastrar Sócio function. By injecting a payload into the 'Member Name' Nome Sócio field, the script is persistently stored ...

7.5CVSS5.8AI score0.00209EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/17 8:25 p.m.4 views

CVE-2026-40285

WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/memorando/UsuarioDAO.php. The cpfusuario POST parameter overwrites the session-stored user identity via extract$REQUEST in DespachoControle::verificarDespacho, and the...

8.8CVSS5.9AI score0.00266EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/17 8:25 p.m.3 views

CVE-2026-40285 WeGIA has SQL Injection via Session Variable Override in DespachoControle.php

WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/memorando/UsuarioDAO.php. The cpfusuario POST parameter overwrites the session-stored user identity via extract$REQUEST in DespachoControle::verificarDespacho, and the...

8.8CVSS6.1AI score0.00266EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/17 8:25 p.m.12 views

EUVD-2026-23529

WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/memorando/UsuarioDAO.php. The cpfusuario POST parameter overwrites the session-stored user identity via extract$REQUEST in DespachoControle::verificarDespacho, and the...

8.8CVSS5.9AI score0.00266EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/17 8:24 p.m.7 views

EUVD-2026-23527

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript via the "Destinatário" field. The payload is stored and later executed when viewing the dispatch page,...

6.8CVSS5.7AI score0.0023EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/17 8:24 p.m.21 views

CVE-2026-40284 WeGIA has stored XSS in listar_despachos.php

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript via the "Destinatário" field. The payload is stored and later executed when viewing the dispatch page,...

6.8CVSS0.0023EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/17 8:24 p.m.9 views

CVE-2026-40284

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript via the "Destinatário" field. The payload is stored and later executed when viewing the dispatch page,...

6.8CVSS5.7AI score0.0023EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/17 8:24 p.m.3 views

CVE-2026-40284 WeGIA has stored XSS in listar_despachos.php

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript via the "Destinatário" field. The payload is stored and later executed when viewing the dispatch page,...

6.8CVSS5.9AI score0.0023EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/17 8:16 p.m.7 views

EUVD-2026-23523

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript into the Intercorrências notification page, which is executed when user access the the page, enabling sessio...

6.4CVSS5.7AI score0.00258EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/17 8:3 p.m.3 views

CVE-2026-40283

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript via the "Nome" field in the "Informações Pacientes" page. The payload is stored and executed when the patien...

6.8CVSS5.8AI score0.00204EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/04/17 8:3 p.m.3 views

CVE-2026-40283 WeGIA has stored XSS in profile_paciente.php

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript via the "Nome" field in the "Informações Pacientes" page. The payload is stored and executed when the patien...

6.8CVSS5.9AI score0.00204EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.13 views

PT-2026-33514

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability was identified in the 'Member Registration' Cadastrar Sócio function. By injecting a payload into the 'Member Name' Nome Sócio field, the script is persistently stored ...

7.5CVSS5.8AI score0.00209EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.14 views

PT-2026-33502

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript via the "Nome" field in the "Informações Pacientes" page. The payload is stored and executed when the patien...

6.8CVSS5.8AI score0.00204EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.6 views

CVE-2026-35399

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS vulnerability allows an attacker to inject malicious scripts through a backup filename. This could lead to unauthorized execution of malicious code in the victim's browser, compromising session data or executing...

8.5CVSS6.1AI score0.00288EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.6 views

CVE-2026-35475

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect parameter is taken directly from $GET with no URL validation or whitelist check, then used verbatim in a header"Location: ..." call. This vulnerability is fixed in 3.6.9...

6.1CVSS5.9AI score0.00186EPSS
Exploits1References1
NVD
NVD
added 2026/04/06 10:16 p.m.3 views

CVE-2026-35473

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarId and nomeClasse=IentradaControle. T...

6.1CVSS0.00183EPSS
Exploits1References1
NVD
NVD
added 2026/04/06 10:16 p.m.4 views

CVE-2026-35475

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect parameter is taken directly from $GET with no URL validation or whitelist check, then used verbatim in a header"Location: ..." call. This vulnerability is fixed in 3.6.9...

6.1CVSS0.00186EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/06 9:17 p.m.2 views

CVE-2026-35475

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect parameter is taken directly from $GET with no URL validation or whitelist check, then used verbatim in a header"Location: ..." call. This vulnerability is fixed in 3.6.9...

5.1CVSS5.9AI score0.00186EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/04/06 9:17 p.m.5 views

EUVD-2026-19510

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect parameter is taken directly from $GET with no URL validation or whitelist check, then used verbatim in a header"Location: ..." call. This vulnerability is fixed in 3.6.9...

5.1CVSS5.9AI score0.00186EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/06 9:13 p.m.7 views

EUVD-2026-19508

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, open redirect has been found in WeGIA webapp. The redirect parameter is taken directly from $GET with no URL validation or whitelist check, then used verbatim in a header"Location: ..." call. This vulnerability is fixed in 3.6.9...

5.1CVSS5.8AI score0.00183EPSS
Exploits1References1
Rows per page
Query Builder