PT-2026-33511 · Wegia · Wegia
Published
2026-04-17
·
Updated
2026-04-18
·
CVE-2026-40282
CVSS v4.0
6.4
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H |
Name of the Vulnerable Software and Affected Versions
WeGIA versions prior to 3.6.10
Description
A Stored Cross-Site Scripting (XSS) issue allows an authenticated user to inject malicious JavaScript into the Intercorrências notification page. This script executes when a user accesses the page, potentially leading to session hijacking and account takeover.
Recommendations
Update to version 3.6.10.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wegia