CVE-2026-40283

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.6.10

Description WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) issue allows an authenticated user to inject malicious JavaScript through the Nome field on the 'Informações Pacientes' page. The payload is stored and executed when patient information is viewed.

Recommendations Update to version 3.6.10.