Medium severity6.8NVD Advisory· Published Apr 17, 2026· Updated Apr 20, 2026
CVE-2026-40284
CVE-2026-40284
Description
WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript via the "Destinatário" field. The payload is stored and later executed when viewing the dispatch page, impacting other users. Version 3.6.10 fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <3.6.10
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.