CVE-2026-40286
HIGH
NVD
CVSS Score
7.5
Severity
HIGH
Published
Apr 17, 2026
Vendor
unknown
Description
WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the 'Member Registration' (Cadastrar SΓ³cio) function. By injecting a payload into the 'Member Name' (Nome SΓ³cio) field, the script is persistently stored in the database. Consequently, the payload is executed whenever a user navigates to certain URL. Version 3.6.10 fixes the issue.