CVE-2026-33135 in WeGIA정보

요약

\~에 의해 MITRE • 2026. 03. 20.

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the novo_memorandoo.php endpoint. An attacker can inject arbitrary JavaScript into the sccs GET parameter, which is directly echoed into the HTML response without any sanitization or encoding. The script /html/memorando/novo_memorandoo.php reads HTTP GET parameters to display dynamic success messages to the user. At approximately line 273, the code checks if $_GET['msg'] equals 'success'. If true, it directly concatenates $_GET['sccs'] into an HTML alert <div> and outputs it to the browser. This issue has been fixed in version 3.6.7.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

책임이 있는

GitHub M

예약하다

2026. 03. 17.

모더레이션

수락

항목

VDB-352064

EPSS

0.00052

KEV

아니요

활동

매우 낮음

출처

MITREhttps://www.cve.org/CVERecord?id=CVE-2026-33135
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2026-33135
CVE Detailshttps://www.cvedetails.com/cve/CVE-2026-33135/

이전개요다음

Do you know our Splunk app?

Download it now for free!