CVE-2026-40286 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the 'Member…
High CVSS: 7.5

CVE-2026-40286

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the 'Member Registration' (Cadastrar Sócio) function. By injecting a payload into the 'Member Name' (Nome Sócio) field, the script is persistently stored in the database. Consequently, the payload is executed whenever a user navigates to certain URL. Version 3.6.10 fixes the issue.
Vendor
-
Product
-
CWE
CWE-79
Yayın Tarihi
2026-04-17 21:16:34
Güncelleme
2026-04-17 21:16:34
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-79 HIGH 2026

Referanslar

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-42rc-rvrx-cmmw