


Perceptive Security
SOC/SIEM Consultancy

WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WeGIA system, spe…
Published:
15 January 2026 at 23:00:00
Alert date:
16 January 2026 at 21:01:29
Source:
nvd.nist.gov
Web Technologies
A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in WeGIA, a Web Manager for Charitable Institutions, prior to version 3.6.2. The vulnerability exists in the html/memorando/insere_despacho.php file where the application fails to properly sanitize user-supplied input via the id_memorando GET parameter. This allows unauthenticated attackers to inject arbitrary JavaScript or HTML into the user's browser session context. The vulnerability occurs when user input is reflected into the HTML source, likely within a script block or attribute. The issue has been fixed in version 3.6.2 of WeGIA.
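A log check a SOC could run for this issue, as an added example that is not part of the advisory or of WeGIA's code: it flags requests to the affected file whose id_memorando value is not a plain integer. The numeric-identifier assumption, the combined access-log format, the /WeGIA/ path prefix and the sample log lines are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# File and parameter named in the advisory.
VULN_PATH = "html/memorando/insere_despacho.php"
PARAM = "id_memorando"

# Assumption: combined log format, request field like "GET /path?query HTTP/1.1".
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate id_memorando is a plain decimal identifier.
NUMERIC_RE = re.compile(r"[0-9]+")

def suspicious_values(log_line):
    """Return the id_memorando values in one log line that are not plain integers."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith(VULN_PATH):
        return []
    # parse_qs percent-decodes, so encoded markup is compared in decoded form,
    # and it returns every occurrence of a repeated parameter.
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
    return [v for v in values if not NUMERIC_RE.fullmatch(v)]

def scan(lines):
    """Return (line_number, bad_values) for every line that needs review."""
    hits = []
    for n, line in enumerate(lines, 1):
        bad = suspicious_values(line)
        if bad:
            hits.append((n, bad))
    return hits

# Constructed sample access-log lines (documentation IP range, hypothetical prefix).
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Jan/2026:10:00:01 +0000] "GET /WeGIA/html/memorando/insere_despacho.php?id_memorando=42 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [16/Jan/2026:10:00:05 +0000] "GET /WeGIA/html/memorando/insere_despacho.php?id_memorando=42%22%3E%3Cb%3Ex HTTP/1.1" 200 5133',
    '203.0.113.9 - - [16/Jan/2026:10:00:09 +0000] "GET /WeGIA/html/home.php?id_memorando=%3Cb%3E HTTP/1.1" 200 900',
    '203.0.113.4 - - [16/Jan/2026:10:00:12 +0000] "GET /WeGIA/html/memorando/insere_despacho.php?id_memorando=7&id_memorando=x%27y HTTP/1.1" 200 5127',
]

if __name__ == "__main__":
    for line_no, values in scan(SAMPLE_LOG):
        print(f"line {line_no}: non-numeric {PARAM} value(s): {values!r}")
```

Hits from before the upgrade to 3.6.2 are candidates for follow-up with the users whose browsers made those requests; the same check remains useful afterwards as a signal of probing.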
Affected products:
WeGIA
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-23722
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-g7hh-6qj7-mcqf
This article was created with the assistance of AI technology by Perceptive.
