CVE-2026-42872 in WeGIAالمعلومات

الملخص

بحسب MITRE • 11/05/2026

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a reflected Cross-Site Scripting (XSS) vulnerability exists in lista_arquivos_etapa.php due to improper handling of user-supplied input. The id_processo parameter is directly embedded into the HTML without sanitization, allowing attackers to inject arbitrary JavaScript. This can lead to session hijacking, credential theft, or execution of malicious actions in the context of the victim's browser. This vulnerability is fixed in 3.7.0.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

GitHub M

حجز

30/04/2026

إفشاء

11/05/2026

الاعتدال

تمت الموافقة

إدخال

VDB-362763

CPE

جاهز

CWE

CWE-79 (مؤكد)

CVSS

6.1 (CNA)

EPSS

0.00039

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-42872
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-42872
CVE Details	https://www.cvedetails.com/cve/CVE-2026-42872/

التالي ▸نظرة عامة ◂ السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!