1626 matches found
CVE-2026-42872
WeGIA is affected by a reflected XSS in listar_arquivos_etapa.php (id_processo parameter) prior to version 3.7.0, where unsanitized user input is embedded into HTML. This can enable an attacker to inject arbitrary JavaScript, potentially leading to session hijacking, credential theft, or maliciou...
EUVD-2026-29187
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a reflected Cross-Site Scripting XSS vulnerability exists in listaarquivosetapa.php due to improper handling of user-supplied input. The idprocesso parameter is directly embedded into the HTML without sanitization,...
CVE-2026-42870 WeGIA: Cross-Site Scripting (XSS) Stored endpoint 'informacao_adicional.php' parameter 'descricao'
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting XSS flaw was identified at the following endpoint: funcionario/profilefuncionario.php?idfuncionario=2. By injecting a malicious payload into the 'Description' Descrição field and saving t...
CVE-2026-42870
WeGIA is affected by a Stored XSS in versions prior to 3.7.0 at funcionario/profile_funcionario.php?id_funcionario=2, where an attacker can inject a payload into the Description field that is saved and later executed when the profile page is opened. CVSSv4 data assigns a base score of 6.4 (MEDIUM...
CVE-2026-42870 WeGIA: Cross-Site Scripting (XSS) Stored endpoint 'informacao_adicional.php' parameter 'descricao'
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting XSS flaw was identified at the following endpoint: funcionario/profilefuncionario.php?idfuncionario=2. By injecting a malicious payload into the 'Description' Descrição field and saving t...
CVE-2026-42871 WeGIA: Error Handling familiar_docfamiliar
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, atendido/familiardocfamiliar.php displays an overly descriptive error message, including database-related details. This verbosity leads to information disclosure, which could assist a potential attacker in mapping the...
EUVD-2026-29186
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, atendido/familiardocfamiliar.php displays an overly descriptive error message, including database-related details. This verbosity leads to information disclosure, which could assist a potential attacker in mapping the...
CVE-2026-42871
The CVE concerns WeGIA, a web manager for charitable institutions. In versions prior to 3.7.0, the script atendido/familiar_docfamiliar.php reveals an overly descriptive error message that includes database-related details. This information disclosure can help an attacker map the backend infrastr...
WeGIA 跨站脚本漏洞
WeGIA is a network manager for a welfare institution developed by Nilson Lazarin. Versions of WeGIA prior to 3.7.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored-xss scripts, which could allow authenticated users to inject malicious JavaScript into the...
PT-2026-39739
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript into the Processo de Aceitação html/atendido/processo aceitacao.php page, which is executed when user access...
WeGIA 跨站脚本漏洞
WeGIA is a network manager for a welfare institution developed by Nilson Lazarin. Versions of WeGIA prior to 3.7.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored-cross-site scripting, which could allow authenticated users to inject malicious JavaScript into...
WeGIA 信息泄露漏洞
WeGIA is a network manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions of WeGIA prior to 3.6.10 contained a vulnerability related to information leakage. This vulnerability stemmed from the return of overly detailed error messages during file uploads,...
WeGIA 跨站脚本漏洞
WeGIA is a web manager for the welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.7.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the idprocesso parameter being directly embedded in HTML without proper cleaning, which could lead to...
PT-2026-39725
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, atendido/familiar docfamiliar.php displays an overly descriptive error message, including database-related details. This verbosity leads to information disclosure, which could assist a potential attacker in mapping th...
WeGIA 信息泄露漏洞
WeGIA is a network manager for a welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.7.0 contained an information leakage vulnerability. This vulnerability stemmed from the overly detailed error messages displayed by atendido/familiardocfamiliar.php, which could lead to...
CVE-2026-40282
WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript into the Intercorrências notification page, which is executed when user access the the page, enabling sessio...
CVE-2026-40283
WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript via the "Nome" field in the "Informações Pacientes" page. The payload is stored and executed when the patien...
CVE-2026-40285
WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/memorando/UsuarioDAO.php. The cpfusuario POST parameter overwrites the session-stored user identity via extract$REQUEST in DespachoControle::verificarDespacho, and the...
CVE-2026-40282
WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript into the Intercorrências notification page, which is executed when user access the the page, enabling sessio...
CVE-2026-40284
WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript via the "Destinatário" field. The payload is stored and later executed when viewing the dispatch page,...