CVE-2026-23731

Published: Jan 16, 2026

Modified: Jan 16, 2026

PUBLISHED

CVSS v3.1

4.3

MEDIUM

Description

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, The web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to framing protection. In particular, X-Frame-Options is missing andContent-Security-Policy with frame-ancestors directive is not configured. Because of this, an attacker can load any WeGIA page inside a malicious HTML document, overlay deceptive elements, hide real buttons, or force accidental interaction with sensitive workflows. This vulnerability is fixed in 3.6.2.

Vendor	Product	Versions
LabRedesCefetRJ	WeGIA	affected `< 3.6.2`

Weaknesses (CWE)

CWE-1021

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

References

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-99qp-hjvh-c59q

x_refsource_CONFIRM

https://github.com/LabRedesCefetRJ/WeGIA/pull/1333

x_refsource_MISC

https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.6.2

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-23731

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References