Vulnerability Description
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting (XSS) flaw was identified at the following endpoint: funcionario/profile_funcionario.php?id_funcionario=2. A malicious payload injected into the 'Description' (Descrição) field is persistently stored when the profile is saved, and it is subsequently executed whenever the profile page is accessed. This vulnerability is fixed in 3.7.0.
References
- https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-q6jg-hfqv-882f
FAQ
What is CVE-2026-42870?
CVE-2026-42870 is a documented vulnerability. WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting (XSS) flaw was identified at the following endpoint: funcionario/profile_funcionario.php?i...
How severe is CVE-2026-42870?
CVSS scoring is not yet available for CVE-2026-42870. Check NVD for updates.
Is there a patch for CVE-2026-42870?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.