WeGIA has a Reflected Cross-Site Scripting (XSS) vulnerability allowing arbitrary code execution and UI redressing.

WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WeGIA system, specifically within the html/memorando/insere_despacho.php file. The application fails to properly sanitize or encode user-supplied input via the id_memorando GET parameter before reflecting it into the HTML source (likely inside a <script> block or an attribute). This allows unauthenticated attackers to inject arbitrary JavaScript or HTML into the context of the user's browser session. This vulnerability is fixed in 3.6.2.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

WeGIA 跨站脚本漏洞

WeGIA是Nilson Lazarin个人开发者的一个福利机构的网络管理器。 WeGIA 3.6.2之前版本存在跨站脚本漏洞，该漏洞源于html/memorando/insere_despacho.php文件未正确清理或编码用户通过id_memorando GET参数提供的输入，可能导致反射型跨站脚本攻击。

N/A

N/A