5 matches found
CVE-2026-42870 WeGIA: Cross-Site Scripting (XSS) Stored endpoint 'informacao_adicional.php' parameter 'descricao'
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting (XSS) flaw was identified at the following endpoint: funcionario/profile_funcionario.php?id_funcionario=2. By injecting a malicious payload into the 'Description' (Descrição) field and saving t...
CVE-2026-42870
WeGIA is affected by a Stored XSS in versions prior to 3.7.0 at funcionario/profile_funcionario.php?id_funcionario=2, where an attacker can inject a payload into the Description field that is saved and later executed when the profile page is opened. CVSSv4 data assigns a base score of 6.4 (MEDIUM...
EUVD-2026-29185
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting (XSS) flaw was identified at the following endpoint: funcionario/profile_funcionario.php?id_funcionario=2. By injecting a malicious payload into the 'Description' (Descrição) field and saving t...
PT-2026-39735
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting (XSS) flaw was identified at the following endpoint: funcionario/profile_funcionario.php?id_funcionario=2. By injecting a malicious payload into the 'Description' (Descrição) field and saving...
WeGIA Cross-Site Scripting Vulnerability
WeGIA is a web manager for welfare institutions developed by Nilson Lazarin. Versions of WeGIA prior to 3.7.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Description field in the funcionario/profile_funcionario.php endpoint not being properly sanitized, which...