CVE-2026-23722

WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WeGIA system, specifically within the html/memorando/insere_despacho.php file. The application fails to properly sanitize or encode user-supplied input via the id_memorando GET parameter before reflecting it into the HTML source (likely inside a <script> block or an attribute). This allows unauthenticated attackers to inject arbitrary JavaScript or HTML into the context of the user's browser session. This vulnerability is fixed in 3.6.2.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*

History

17 Jun 2026, 10:21

Type Values Removed Values Added
Summary
  • (es) WeGIA es un Gestor Web para Instituciones Benéficas. Antes de 3.6.2, se descubrió una vulnerabilidad de cross-site scripting (XSS) reflejado en el sistema WeGIA, específicamente dentro del archivo html/memorando/insere_despacho.PHP. La aplicación no logra sanear o codificar correctamente la entrada proporcionada por el usuario a través del parámetro GET id_memorando antes de reflejarla en el código fuente HTML (probablemente dentro de un bloque

30 Jan 2026, 18:27

Type Values Removed Values Added
First Time Wegia wegia
Wegia
CPE cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*
References () https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-g7hh-6qj7-mcqf - () https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-g7hh-6qj7-mcqf - Exploit, Mitigation, Vendor Advisory

16 Jan 2026, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2026-01-16 20:15

Updated : 2026-06-17 10:21


NVD link : CVE-2026-23722

Mitre link : CVE-2026-23722

CVE.ORG link : CVE-2026-23722


JSON object : View

Products Affected

wegia

  • wegia
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')