2 matches found
CVE-2026-33136
WeGIA Web Manager (versions ≤ 3.6.6) contains a Reflected XSS in listar_memorandos_ativos.php via the sccd parameter, where $_GET['sccd'] is echoed into the HTML without sanitization. This is triggered when $_GET['msg'] equals 'success' and results in an HTML alert containing the attacker-supplie...
CVE-2026-33135
WeGIA is a web manager for charitable institutions. Affected versions: 3.6.6 and earlier. The issue is a Reflected Cross‑Site Scripting (XSS) in the endpoint /html/memorando/novo_memorandoo.php, where the GET parameter sccs is echoed into the HTML response without sanitization when msg equals 'su...