XSS in Labredescefetrj Wegia
CVE-2026-42870
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting (XSS) flaw was identified at the following endpoint: funcionario/profile_funcionario.php?id_funcionario=2. By injecting a malicio…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.001 (19.5th percentile) — read the EPSS interpretation.
Affected products
- Labredescefetrj Wegia — versions < 3.7.0
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)