Stored Cross-Site Scripting Vulnerability in WeGIA Web Management Software
CVE-2026-40282

6.4MEDIUM

Key Information:

Vendor: Labredescefetrj
Status: Wegia
Vendor: CVE Published:; 17 April 2026

🔔 Create Labredescefetrj Vulnerability Alert

What is CVE-2026-40282?

The WeGIA Web Manager for charitable institutions has a Stored Cross-Site Scripting vulnerability that affects versions prior to 3.6.10. This flaw allows authenticated users to inject malicious JavaScript into the Intercorrências notification page. When other users access this page, the injected scripts are executed, potentially leading to session hijacking and unauthorized account access. Upgrading to version 3.6.10 addresses this critical issue and mitigates the associated risks.

Affected Version(s)

WeGIA < 3.6.10

References

https://github.com/LabRedesCefetRJ/WeGIA/security/advisor...

x_refsource_CONFIRM

CVSS V4

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2026
Vulnerability Reserved
Apr 10, 2026

CVE-2026-40282 Data

JSON