VYPR
Medium severity6.8NVD Advisory· Published Apr 17, 2026· Updated Apr 27, 2026

CVE-2026-40283

CVE-2026-40283

Description

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript via the "Nome" field in the "Informações Pacientes" page. The payload is stored and executed when the patient information is viewed. Version 3.6.10 fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Wegia/Wegia2 versions
    cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*range: <3.6.10
    • (no CPE)range: <3.6.10

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.