Wegia · Wegia · CVE-2026-23722
**Name of the Vulnerable Software and Affected Versions**
WeGIA versions prior to 3.6.2
**Description**
WeGIA is a Web Manager for Charitable Institutions. A Reflected Cross-Site Scripting (XSS) issue exists in the `html/memorando/insere_despacho.php` file. The application does not properly sanitize or encode user input provided through the `id_memorando` GET parameter before including it in the HTML output. This allows attackers to inject arbitrary JavaScript or HTML into a user's browser session, which can lead to session hijacking.
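The pattern described above and one way to harden it, shown as an added PHP example that is not WeGIA's actual code. Only the `id_memorando` parameter name comes from the advisory; the function names and sample inputs are hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration, not WeGIA's source. Only the parameter name id_memorando
// comes from the advisory; function names and sample inputs are hypothetical.
//
// Pattern the advisory describes (request value reaches HTML unencoded):
//   echo '<input name="id_memorando" value="' . $_GET['id_memorando'] . '">';

/** Return the memo id as a positive int, or null if the input is not one. */
function parse_memo_id(mixed $raw): ?int
{
    if (!is_string($raw)) {   // missing value, or array from ?id_memorando[]=x
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Encode a string for HTML text and quoted-attribute contexts. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the fragment; $raw stands in for $_GET['id_memorando'] ?? null. */
function render_dispatch_field(mixed $raw): string
{
    $id = parse_memo_id($raw);
    if ($id === null) {
        // Even the error path encodes whatever it echoes back.
        $shown = is_string($raw) ? h($raw) : '(not a string)';
        return '<p class="error">Invalid memo id: ' . $shown . '</p>';
    }
    return '<input type="hidden" name="id_memorando" value="' . h((string) $id) . '">';
}

// Constructed sample inputs, not taken from any real request.
$samples = ['42', '0', 'abc', '12"><b>x</b>', ['x'], null];
foreach ($samples as $raw) {
    echo render_dispatch_field($raw), PHP_EOL;
}
```

Validating the identifier as an integer removes the injection point for this parameter, and encoding at output keeps the error path safe when it echoes rejected input.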
**Recommendations**
Versions prior to 3.6.2 should be updated to version 3.6.2 or later.