CVE-2026-6990 projeto-siga novo cross site scripting

A vulnerability was found in projeto-siga siga 11.0.3.18. The affected element is an unknown function of the file /sigawf/app/responsavel/novo. Performing a manipulation of the argument Nome/Descrição results in cross site scripting. The attack can be initiated remotely. The exploit has been made...

CVE-2026-6990

The CVE-2026-6990 affects projeto-siga siga 11.0.3.18. A vulnerability exists in an unknown function within /sigawf/app/responsavel/novo where manipulating the Nome/Descrição argument triggers cross-site scripting. The attack vector is remote, and the exploit has been published. There is no avail...

CVE-2026-40283

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript via the "Nome" field in the "Informações Pacientes" page. The payload is stored and executed when the patien...

CVE-2026-40283

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript via the "Nome" field in the "Informações Pacientes" page. The payload is stored and executed when the patien...

EUVD-2026-23525

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript via the "Nome" field in the "Informações Pacientes" page. The payload is stored and executed when the patien...

CVE-2026-40283

CVE-2026-40283 (WeGIA) describes a stored XSS in the WeGIA web manager for charitable institutions. In versions prior to 3.6.10, an authenticated user can inject JavaScript via the Nome field on the Informações Pacientes page; the payload is stored and executed when the patient information is vie...

CVE-2026-40283

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript via the "Nome" field in the "Informações Pacientes" page. The payload is stored and executed when the patien...

PT-2026-33502

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript via the "Nome" field in the "Informações Pacientes" page. The payload is stored and executed when the patien...

WeGIA 安全漏洞

WeGIA is a network manager for a welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.10 contained security vulnerabilities, which were caused by insufficient input validation for the Nome Socio field in the Cadastrar Socio function. This vulnerability could lead to...

WeGIA 安全漏洞

WeGIA is a network manager for a welfare institution developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.10 contained security vulnerabilities. These vulnerabilities were due to a vulnerability that made it easy to be exploited by stored cross-site scripting attacks. This could allow...

CVE-2026-23725

WeGIA stores XSS in the Adopters Information page (html/pet/adotantes/cadastro_adotante.php and html/pet/adotantes/informacao_adotantes.php) where user input is rendered without sanitization, enabling persistent JavaScript execution for visitors. This vulnerability affects pre-3.6.2 versions and ...

EUVD-2017-6833

Malware in sbrugna...

EUVD-2025-26208

Malicious code in bioql PyPI...

EUVD-2025-25462

Malicious code in bioql PyPI...

CVE-2025-9720

A vulnerability was detected in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/TabelaArredondamento/edit of the component Cadastrar tabela de arredondamento Page. The manipulation of the argument Nome results in cross site scripting. The attack may be performe...

CVE-2025-9721

A flaw has been found in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/FormulaMedia/edit. This manipulation of the argument nome/formulaMedia causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publish...

CVE-2025-9721

Portabilis i-Educar

CVE-2025-9720

A vulnerability was detected in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/TabelaArredondamento/edit of the component Cadastrar tabela de arredondamento Page. The manipulation of the argument Nome results in cross site scripting. The attack may be performe...

CVE-2025-9720 Portabilis i-Educar Cadastrar tabela de arredondamento edit cross site scripting

A vulnerability was detected in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/TabelaArredondamento/edit of the component Cadastrar tabela de arredondamento Page. The manipulation of the argument Nome results in cross site scripting. The attack may be performe...

CVE-2025-9720

Portabilis i-Educar up to 2.10 is affected. The vulnerability lies in the /module/TabelaArredondamento/edit component (Cadastrar tabela de arredundamento Page) where manipulating the Nome argument enables cross-site scripting. The issue can be exploited remotely and exploits are public. Remediati...