CVE-2026-33135 in WeGIAالمعلومات

الملخص

بحسب MITRE • 20/03/2026

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the novo_memorandoo.php endpoint. An attacker can inject arbitrary JavaScript into the sccs GET parameter, which is directly echoed into the HTML response without any sanitization or encoding. The script /html/memorando/novo_memorandoo.php reads HTTP GET parameters to display dynamic success messages to the user. At approximately line 273, the code checks if $_GET['msg'] equals 'success'. If true, it directly concatenates $_GET['sccs'] into an HTML alert <div> and outputs it to the browser. This issue has been fixed in version 3.6.7.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

GitHub M

حجز

17/03/2026

إفشاء

20/03/2026

الاعتدال

تمت الموافقة

إدخال

VDB-352064

EPSS

0.00052

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITREhttps://www.cve.org/CVERecord?id=CVE-2026-33135
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2026-33135
CVE Detailshttps://www.cvedetails.com/cve/CVE-2026-33135/

التالي نظرة عامة السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!