CVE-2026-23725

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.6.2

Description WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) issue exists in the application due to a failure to sanitize user-controlled input before rendering it. This allows for persistent JavaScript injection within the Adopters Information table. Visiting the affected page will automatically execute the injected payload. The vulnerable API endpoints are /html/pet/adotantes/cadastro adotante.php and /html/pet/adotantes/informacao adotantes.php.

Recommendations Update to version 3.6.2 or later.