CVE-2026-23731

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.6.2

Description WeGIA, a web manager for charitable institutions, is susceptible to clickjacking attacks. The application lacks defensive HTTP headers for framing protection, specifically missing the X-Frame-Options header and a Content-Security-Policy with a frame-ancestors directive. This allows an attacker to load WeGIA pages within a malicious HTML document, potentially overlaying deceptive elements or forcing unintended user interactions with sensitive workflows.

Recommendations Update to version 3.6.2 or later.