CVE-2026-23725

Vulnerability Description

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the html/pet/adotantes/cadastro_adotante.php and html/pet/adotantes/informacao_adotantes.php endpoint of the WeGIA application. The application does not sanitize user-controlled input before rendering it inside the Adopters Information table, allowing persistent JavaScript injection. Any user who visits the page will have the payload executed automatically. This vulnerability is fixed in 3.6.2.

Vulnerability Details

Published Date

January 16, 2026

Last Modified

January 16, 2026

CWE ID

CWE-79

Source

NVD

Vendor

LabRedesCefetRJ

Product

WeGIA

External References

https://github.com/LabRedesCefetRJ/WeGIA/pull/1333
https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.6.2
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-c85q-4fwg-99gw

CVE-2026-23725

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment