Medium severity6.1NVD Advisory· Published Apr 6, 2026· Updated Apr 9, 2026
CVE-2026-35399
CVE-2026-35399
Description
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS vulnerability allows an attacker to inject malicious scripts through a backup filename. This could lead to unauthorized execution of malicious code in the victim's browser, compromising session data or executing actions on behalf of the user. This vulnerability is fixed in 3.6.9.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: < 3.6.9
Patches
Vulnerability mechanics
References
1- github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-fmwv-62wf-2hgxnvdExploitVendor Advisory
News mentions
0No linked articles in our index yet.