NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-40282

Summary	WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript into the Intercorrências notification page, which is executed when user access the the page, enabling session hijacking and account takeover. Version 3.6.10 fixes the issue.
Publication Date	April 18, 2026, 6:16 a.m.
Registration Date	April 19, 2026, 4:08 a.m.
Last Update	April 18, 2026, 6:16 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-r6h8-7vxv-q8pp	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html