CVE-2026-42872

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a reflected Cross-Site Scripting XSS vulnerability exists in listaarquivosetapa.php due to improper handling of user-supplied input. The idprocesso parameter is directly embedded into the HTML without sanitization,...

PMB 7.4.6 - Cross-Site Scripting

PMB 7.4.6 contains a cross-site scripting vulnerability via the query parameter at /admin/convert/exportz3950new.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authenticatio...