PT-2026-3306 · Wegia · Wegia

Marcostolosa · Published 2026-01-16 · Updated 2026-01-17 · CVE-2026-23722

CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.6.2

Description: WeGIA is a Web Manager for Charitable Institutions. A Reflected Cross-Site Scripting (XSS) issue exists in the html/memorando/insere_despacho.php file. The application does not properly sanitize or encode user input supplied through the id_memorando GET parameter before including it in the HTML output. This allows attackers to inject arbitrary JavaScript or HTML into a user's browser session, enabling unauthorized JavaScript injection and potential session hijacking. The vulnerable parameter is id_memorando in the insere_despacho.php file.

Recommendations: Versions prior to 3.6.2 should be updated to version 3.6.2 or later.
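
The flaw class described above, as an added illustration that is not WeGIA's code and not part of the original advisory: a raw GET value concatenated into HTML, beside a version that validates and encodes it. The function names, the hidden-input markup and the assumption that id_memorando is a positive integer id are hypothetical; the sample inputs are constructed.

```php
<?php
// Added illustration: NOT WeGIA source code. Function names and markup are
// hypothetical; only the parameter name id_memorando comes from the advisory.

// Vulnerable pattern: the raw GET value is concatenated into an attribute,
// so a quote character in the value ends the attribute and starts new markup.
function render_unsafe(array $get): string
{
    $id = $get['id_memorando'] ?? '';
    return '<input type="hidden" name="id_memorando" value="' . $id . '">';
}

// Hardened pattern: accept only a positive integer (assumption: the value is
// a numeric record id), then HTML-encode at the point of output anyway.
function render_safe(array $get): ?string
{
    $id = filter_var(
        $get['id_memorando'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        return null; // caller should answer HTTP 400 and render nothing
    }
    $encoded = htmlspecialchars((string) $id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="id_memorando" value="' . $encoded . '">';
}

// Constructed sample inputs: a normal id and one carrying inert markup.
$samples = ['42', '42"><i>marker</i>'];
foreach ($samples as $value) {
    $get = ['id_memorando' => $value];
    echo 'input:  ', $value, PHP_EOL;
    echo 'unsafe: ', render_unsafe($get), PHP_EOL;
    echo 'safe:   ', render_safe($get) ?? '(rejected, HTTP 400)', PHP_EOL, PHP_EOL;
}
```

Validation alone covers only this one parameter; encoding at every output point is what keeps other reflected values from reintroducing the same bug.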

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-23722
GHSA-G7HH-6QJ7-MCQF

Affected Products

Wegia