
5 matches found

Vulnrichment
added 2026/05/11 6:32 p.m., 8 views

CVE-2026-42870 WeGIA: Cross-Site Scripting (XSS) Stored endpoint 'informacao_adicional.php' parameter 'descricao'

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting (XSS) flaw was identified at the following endpoint: funcionario/profile_funcionario.php?id_funcionario=2. By injecting a malicious payload into the 'Description' (Descrição) field and saving t...

CVSS 6.4, AI score 5.8, EPSS 0.00281
Exploits: 0, References: 1
CVE
added 2026/05/11 6:32 p.m., 13 views

CVE-2026-42870

WeGIA is affected by a Stored XSS in versions prior to 3.7.0 at funcionario/profile_funcionario.php?id_funcionario=2, where an attacker can inject a payload into the Description field that is saved and later executed when the profile page is opened. CVSSv4 data assigns a base score of 6.4 (MEDIUM...

CVSS 6.4, AI score 5.8, EPSS 0.00281
Exploits: 0, References: 1
EUVD
added 2026/05/11 6:32 p.m., 10 views

EUVD-2026-29185

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting (XSS) flaw was identified at the following endpoint: funcionario/profile_funcionario.php?id_funcionario=2. By injecting a malicious payload into the 'Description' (Descrição) field and saving t...

CVSS 6.4, AI score 5.8, EPSS 0.00281
Exploits: 0, References: 1
Positive Technologies
added 2026/05/11 12:00 a.m., 20 views

PT-2026-39735

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting (XSS) flaw was identified at the following endpoint: funcionario/profile_funcionario.php?id_funcionario=2. By injecting a malicious payload into the 'Description' (Descrição) field and saving...

CVSS 6.4, AI score 5.8, EPSS 0.00281
Exploits: 0, References: 2
CNNVD
added 2026/05/11 12:00 a.m., 8 views

WeGIA cross-site scripting vulnerability

WeGIA is a web manager for welfare institutions developed by Nilson Lazarin. Versions of WeGIA prior to 3.7.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Description field in the funcionario/profile_funcionario.php endpoint not being properly sanitized, which...

CVSS 6.4, AI score 5.6, EPSS 0.00281
Exploits: 0, References: 1