Lucene search
K

1626 matches found

cve
cve
added 2026/04/17 8:3 p.m.23 views

CVE-2026-40283

CVE-2026-40283 (WeGIA) describes a stored XSS in the WeGIA web manager for charitable institutions. In versions prior to 3.6.10, an authenticated user can inject JavaScript via the Nome field on the Informações Pacientes page; the payload is stored and executed when the patient information is vie...

7.6CVSS5.8AI score0.00204EPSS
Exploits1References1Affected Software1
cnnvd
cnnvd
added 2026/04/17 12:0 a.m.12 views

WeGIA 安全漏洞

WeGIA is a network manager for a welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.10 contained security vulnerabilities. These vulnerabilities were due to susceptibility to stored-xss attacks, which could allow authenticated users to inject malicious JavaScript...

6.8CVSS5.9AI score0.0023EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/04/17 12:0 a.m.13 views

PT-2026-33502

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript via the "Nome" field in the "Informações Pacientes" page. The payload is stored and executed when the patien...

6.8CVSS5.8AI score0.00204EPSS
Exploits1References4
cnnvd
cnnvd
added 2026/04/17 12:0 a.m.13 views

WeGIA 安全漏洞

WeGIA is a network manager for a welfare institution developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.10 contained security vulnerabilities. These vulnerabilities were due to a vulnerability that made it easy to be exploited by stored cross-site scripting attacks. This could allow...

7.6CVSS5.7AI score0.00204EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2026/04/17 12:0 a.m.10 views

PT-2026-33514

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability was identified in the 'Member Registration' Cadastrar Sócio function. By injecting a payload into the 'Member Name' Nome Sócio field, the script is persistently stored ...

7.5CVSS5.8AI score0.00209EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/04/17 12:0 a.m.12 views

WeGIA 安全漏洞

WeGIA is a network manager for a welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.10 contained security vulnerabilities. These vulnerabilities were due to a vulnerability that made the system susceptible to storage-type cross-site scripting attacks. This allowed...

6.4CVSS5.7AI score0.00258EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/04/17 12:0 a.m.9 views

PT-2026-33512

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript via the "Destinatário" field. The payload is stored and later executed when viewing the dispatch page,...

6.8CVSS5.7AI score0.0023EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/04/17 12:0 a.m.11 views

WeGIA 安全漏洞

WeGIA is a network manager for a welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.10 contained security vulnerabilities, which were caused by insufficient input validation for the Nome Socio field in the Cadastrar Socio function. This vulnerability could lead to...

7.5CVSS5.7AI score0.00209EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/04/17 12:0 a.m.10 views

WeGIA 安全漏洞

WeGIA is a network manager for the welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.10 contained security vulnerabilities, which were caused by improper handling of the cpfusuario parameter in the dao/memorando/UsuarioDAO.php file. This improper handling could lead...

8.8CVSS5.9AI score0.00266EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/04/17 12:0 a.m.13 views

PT-2026-33511

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript into the Intercorrências notification page, which is executed when user access the the page, enabling sessio...

6.4CVSS5.7AI score0.00258EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/04/07 11:1 p.m.5 views

CVE-2026-35472

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=EstoqueControle...

6.1CVSS6AI score0.00224EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/04/07 11:1 p.m.6 views

CVE-2026-35474

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, open redirect has been found in WeGIA webapp. The redirect parameter is taken directly from $GET with no URL validation or whitelist check, then used verbatim in a header"Location: ..." call. This vulnerability is fixed in 3.6.9...

6.1CVSS5.8AI score0.00183EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/04/07 11:1 p.m.2 views

CVE-2026-35398

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos & listarIdNome and...

6.1CVSS6AI score0.00228EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/04/07 11:1 p.m.5 views

CVE-2026-35475

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect parameter is taken directly from $GET with no URL validation or whitelist check, then used verbatim in a header"Location: ..." call. This vulnerability is fixed in 3.6.9...

6.1CVSS5.9AI score0.00186EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/04/07 11:1 p.m.5 views

CVE-2026-35399

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS vulnerability allows an attacker to inject malicious scripts through a backup filename. This could lead to unauthorized execution of malicious code in the victim's browser, compromising session data or executing...

8.5CVSS6.1AI score0.00288EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/04/07 11:1 p.m.6 views

CVE-2026-35395

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in dao/memorando/DespachoDAO.php. The idmemorando parameter is extracted from $REQUEST without validation and directly interpolated into...

8.8CVSS6.2AI score0.00392EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/04/07 11:1 p.m.3 views

CVE-2026-35396

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarId and nomeClasse=IsaidaControle. The...

6.1CVSS6AI score0.00224EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/04/07 11:1 p.m.6 views

CVE-2026-35473

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarId and nomeClasse=IentradaControle. T...

6.1CVSS6AI score0.00183EPSS
Exploits1References1
nvd
nvd
added 2026/04/06 10:16 p.m.3 views

CVE-2026-35473

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarId and nomeClasse=IentradaControle. T...

6.1CVSS0.00183EPSS
Exploits1References1
nvd
nvd
added 2026/04/06 10:16 p.m.5 views

CVE-2026-35474

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, open redirect has been found in WeGIA webapp. The redirect parameter is taken directly from $GET with no URL validation or whitelist check, then used verbatim in a header"Location: ..." call. This vulnerability is fixed in 3.6.9...

6.1CVSS0.00183EPSS
Exploits1References1
Rows per page
Query Builder