2 matches found
CVE-2026-23724 WeGIA Stored Cross-Site Scripting (XSS) – atendido_idatendido Parameter on Occurrence Registration Page
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting XSS vulnerability was identified in the html/atendido/cadastroocorrencia.php endpoint of the WeGIA application. The application does not sanitize user-controlled data before rendering it inside the...
CVE-2026-23724
CVE-2026-23724 affects the WeGIA web manager. A Stored Cross‑Site Scripting (XSS) vulnerability exists in the html/atendido/cadastro_ocorrencia.php endpoint where user-controlled data is rendered in the “Atendido” dropdown without sanitization. This could allow injection in Attendido_idatendido f...