CVE-2026-35399

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.6.9

Description WeGIA, a Web manager for charitable institutions, is affected by a stored cross-site scripting (XSS) issue. An attacker can inject malicious scripts through a backup filename. Successful exploitation could lead to unauthorized execution of malicious code in the victim’s browser, potentially compromising session data or enabling actions on behalf of the user.

Recommendations Update to version 3.6.9 or later.