XSS in Labredescefetrj Wegia

CVE-2026-40282

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript into the Intercorrências notification page, whic…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.001 (21.0th percentile) — read the EPSS interpretation.