Vulnerability Description
WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript into the Intercorrências notification page. The script is executed when a user accesses the page, enabling session hijacking and account takeover. Version 3.6.10 fixes the issue.
References
FAQ
What is CVE-2026-40282?
CVE-2026-40282 is a documented vulnerability. WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript into the ...
How severe is CVE-2026-40282?
CVSS scoring is not yet available for CVE-2026-40282. Check NVD for updates.
Is there a patch for CVE-2026-40282?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.