Back to search
CVE-2026-40282
Published: Apr 17, 2026
Modified: Apr 20, 2026
PUBLISHED
Description
WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript into the Intercorrências notification page, which is executed when user access the the page, enabling session hijacking and account takeover. Version 3.6.10 fixes the issue.
| Vendor | Product | Versions |
|---|---|---|
LabRedesCefetRJ | WeGIA | affected < 3.6.10 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now