CVE-2026-23724

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.6.2

Description WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) issue exists in the application due to insufficient sanitization of user-controlled data before rendering it within the “Atendido” selection dropdown. The vulnerability is located in the html/atendido/cadastro ocorrencia.php API endpoint.

Recommendations Update to version 3.6.2 or later.