CVE-2026-23724

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the html/atendido/cadastro_ocorrencia.php endpoint of the WeGIA application. The application does not sanitize user-controlled data before rendering it inside the “Atendido” selection dropdown. This vulnerability is fixed in 3.6.2.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*

History

17 Jun 2026, 10:21

Type Values Removed Values Added
Summary
  • (es) WeGIA es un gestor web para instituciones benéficas. Previo a la 3.6.2, se identificó una vulnerabilidad de cross-site scripting (XSS) almacenado en el endpoint html/atendido/cadastro_ocorrencia.php de la aplicación WeGIA. La aplicación no sanitiza los datos controlados por el usuario antes de renderizarlos dentro del menú desplegable de selección 'Atendido'. Esta vulnerabilidad está corregida en la 3.6.2.

30 Jan 2026, 18:29

Type Values Removed Values Added
CPE cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*
First Time Wegia wegia
Wegia
References () https://github.com/LabRedesCefetRJ/WeGIA/pull/1333 - () https://github.com/LabRedesCefetRJ/WeGIA/pull/1333 - Issue Tracking, Patch
References () https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.6.2 - () https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.6.2 - Release Notes
References () https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-3r3q-8573-g3cq - () https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-3r3q-8573-g3cq - Exploit, Vendor Advisory

16 Jan 2026, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2026-01-16 20:15

Updated : 2026-06-17 10:21


NVD link : CVE-2026-23724

Mitre link : CVE-2026-23724

CVE.ORG link : CVE-2026-23724


JSON object : View

Products Affected

wegia

  • wegia
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')