8 matches found
CVE-2026-33136
WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the listarmemorandosativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is then directly echoed into...
CVE-2026-33136 WeGIA has Reflected Cross-Site Scripting (XSS) in `listar_memorandos_ativos.php` via `sccd` parameter
WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the listarmemorandosativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is then directly echoed into...
EUVD-2026-13682
WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the listarmemorandosativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is then directly echoed into...
CVE-2026-33136 WeGIA has Reflected Cross-Site Scripting (XSS) in `listar_memorandos_ativos.php` via `sccd` parameter
WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the listarmemorandosativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is then directly echoed into...
CVE-2026-33136
WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the listarmemorandosativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is then directly echoed into...
CVE-2026-33136 WeGIA has Reflected Cross-Site Scripting (XSS) in `listar_memorandos_ativos.php` via `sccd` parameter
WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the listarmemorandosativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is then directly echoed into...
CVE-2026-33136
WeGIA Web Manager (versions ≤ 3.6.6) contains a Reflected XSS in listar_memorandos_ativos.php via the sccd parameter, where $_GET['sccd'] is echoed into the HTML without sanitization. This is triggered when $_GET['msg'] equals 'success' and results in an HTML alert containing the attacker-supplie...
PT-2026-26607
WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the listar memorandos ativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is then directly echoed in...