8 matches found
CVE-2026-23725 WeGIA Stored Cross-Site Scripting (XSS) – nome Parameter on Adopters Information Page
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting XSS vulnerability was identified in the html/pet/adotantes/cadastroadotante.php and html/pet/adotantes/informacaoadotantes.php endpoint of the WeGIA application. The application does not sanitize...
CVE-2026-23725 WeGIA Stored Cross-Site Scripting (XSS) – nome Parameter on Adopters Information Page
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting XSS vulnerability was identified in the html/pet/adotantes/cadastroadotante.php and html/pet/adotantes/informacaoadotantes.php endpoint of the WeGIA application. The application does not sanitize...
CVE-2026-23725
WeGIA stores XSS in the Adopters Information page (html/pet/adotantes/cadastro_adotante.php and html/pet/adotantes/informacao_adotantes.php) where user input is rendered without sanitization, enabling persistent JavaScript execution for visitors. This vulnerability affects pre-3.6.2 versions and ...
CVE-2026-23725
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting XSS vulnerability was identified in the html/pet/adotantes/cadastroadotante.php and html/pet/adotantes/informacaoadotantes.php endpoint of the WeGIA application. The application does not sanitize...
PT-2026-3309
Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.6.2 Description WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting XSS issue exists in the application due to a failure to sanitize user-controlled input before rendering it. This allows...
CISA: AI Cybersecurity Collaboration Playbook
The AI Cybersecurity Collaboration Playbook provides guidance to organizations across the AI community – including AI providers, developers, and adopters – for sharing AI-related cybersecurity information voluntarily with the Cybersecurity and Infrastructure Security Agency CISA and other partner...
GHSA-WC64-C5RV-32PF in-toto vulnerable to Configuration Read From Local Directory
Impact The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification 1. Among the files read is .intotorc which is a hidden file in the directory in which in-tot...
Tracking CVE-2019-11043 PHP Vulnerability – An Uncommon Chain of Events
On October 22, security researcher Omar Ganiev published a tweet regarding remote code execution vulnerability in PHP-FPM the FastCGI Process Manager running on the Nginx server. The tweet includes a link to a GitHub repository with an explanation of the vulnerability and a PoC proof-of-concept f...