Lucene search
K

1626 matches found

CVE
CVE
added 2026/05/11 6:32 p.m.15 views

CVE-2026-42872

WeGIA is affected by a reflected XSS in listar_arquivos_etapa.php (id_processo parameter) prior to version 3.7.0, where unsanitized user input is embedded into HTML. This can enable an attacker to inject arbitrary JavaScript, potentially leading to session hijacking, credential theft, or maliciou...

6.1CVSS6AI score0.00178EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 6:32 p.m.9 views

EUVD-2026-29187

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a reflected Cross-Site Scripting XSS vulnerability exists in listaarquivosetapa.php due to improper handling of user-supplied input. The idprocesso parameter is directly embedded into the HTML without sanitization,...

6.1CVSS6AI score0.00178EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 6:32 p.m.32 views

CVE-2026-42870 WeGIA: Cross-Site Scripting (XSS) Stored endpoint 'informacao_adicional.php' parameter 'descricao'

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting XSS flaw was identified at the following endpoint: funcionario/profilefuncionario.php?idfuncionario=2. By injecting a malicious payload into the 'Description' Descrição field and saving t...

6.4CVSS0.00281EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 6:32 p.m.16 views

CVE-2026-42870

WeGIA is affected by a Stored XSS in versions prior to 3.7.0 at funcionario/profile_funcionario.php?id_funcionario=2, where an attacker can inject a payload into the Description field that is saved and later executed when the profile page is opened. CVSSv4 data assigns a base score of 6.4 (MEDIUM...

6.4CVSS5.8AI score0.00281EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/11 6:32 p.m.10 views

CVE-2026-42870 WeGIA: Cross-Site Scripting (XSS) Stored endpoint 'informacao_adicional.php' parameter 'descricao'

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting XSS flaw was identified at the following endpoint: funcionario/profilefuncionario.php?idfuncionario=2. By injecting a malicious payload into the 'Description' Descrição field and saving t...

6.4CVSS5.8AI score0.00281EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 6:31 p.m.40 views

CVE-2026-42871 WeGIA: Error Handling familiar_docfamiliar

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, atendido/familiardocfamiliar.php displays an overly descriptive error message, including database-related details. This verbosity leads to information disclosure, which could assist a potential attacker in mapping the...

6.9CVSS0.00253EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 6:31 p.m.9 views

EUVD-2026-29186

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, atendido/familiardocfamiliar.php displays an overly descriptive error message, including database-related details. This verbosity leads to information disclosure, which could assist a potential attacker in mapping the...

6.9CVSS5.8AI score0.00253EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 6:31 p.m.15 views

CVE-2026-42871

The CVE concerns WeGIA, a web manager for charitable institutions. In versions prior to 3.7.0, the script atendido/familiar_docfamiliar.php reveals an overly descriptive error message that includes database-related details. This information disclosure can help an attacker map the backend infrastr...

6.9CVSS5.8AI score0.00253EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

WeGIA 跨站脚本漏洞

WeGIA is a network manager for a welfare institution developed by Nilson Lazarin. Versions of WeGIA prior to 3.7.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored-xss scripts, which could allow authenticated users to inject malicious JavaScript into the...

6.8CVSS5.7AI score0.0023EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.16 views

PT-2026-39739

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript into the Processo de Aceitação html/atendido/processo aceitacao.php page, which is executed when user access...

6.8CVSS5.8AI score0.0023EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.8 views

WeGIA 跨站脚本漏洞

WeGIA is a network manager for a welfare institution developed by Nilson Lazarin. Versions of WeGIA prior to 3.7.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored-cross-site scripting, which could allow authenticated users to inject malicious JavaScript into...

6.8CVSS5.7AI score0.0023EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

WeGIA 信息泄露漏洞

WeGIA is a network manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions of WeGIA prior to 3.6.10 contained a vulnerability related to information leakage. This vulnerability stemmed from the return of overly detailed error messages during file uploads,...

5.8AI score0.00194EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

WeGIA 跨站脚本漏洞

WeGIA is a web manager for the welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.7.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the idprocesso parameter being directly embedded in HTML without proper cleaning, which could lead to...

6.1CVSS5.6AI score0.00178EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.16 views

PT-2026-39725

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, atendido/familiar docfamiliar.php displays an overly descriptive error message, including database-related details. This verbosity leads to information disclosure, which could assist a potential attacker in mapping th...

6.9CVSS5.8AI score0.00253EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

WeGIA 信息泄露漏洞

WeGIA is a network manager for a welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.7.0 contained an information leakage vulnerability. This vulnerability stemmed from the overly detailed error messages displayed by atendido/familiardocfamiliar.php, which could lead to...

6.9CVSS5.8AI score0.00253EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.5 views

CVE-2026-40282

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript into the Intercorrências notification page, which is executed when user access the the page, enabling sessio...

6.4CVSS5.8AI score0.00258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.7 views

CVE-2026-40283

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript via the "Nome" field in the "Informações Pacientes" page. The payload is stored and executed when the patien...

7.6CVSS5.8AI score0.00204EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.5 views

CVE-2026-40285

WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/memorando/UsuarioDAO.php. The cpfusuario POST parameter overwrites the session-stored user identity via extract$REQUEST in DespachoControle::verificarDespacho, and the...

8.8CVSS6AI score0.00266EPSS
Exploits0References1
NVD
NVD
added 2026/04/17 9:16 p.m.4 views

CVE-2026-40282

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript into the Intercorrências notification page, which is executed when user access the the page, enabling sessio...

6.4CVSS0.00258EPSS
Exploits0References1
NVD
NVD
added 2026/04/17 9:16 p.m.8 views

CVE-2026-40284

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript via the "Destinatário" field. The payload is stored and later executed when viewing the dispatch page,...

6.8CVSS0.0023EPSS
Exploits0References1
Rows per page
Query Builder