CVE-2026-40283 WeGIA has stored XSS in profile_paciente.php

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript via the "Nome" field in the "Informações Pacientes" page. The payload is stored and executed when the patien...

WeGIA SQL Injection Vulnerability (CNVD-2025-17269)

WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the /html/saude/profilepaciente.php endpoint idfuncionario parameter. An attacker could exploit this vulnerability...