WeGIA Clickjacking Vulnerability

Vulnerability

A clickjacking vulnerability has been identified in WeGIA, a web management application for charitable institutions, in versions prior to 3.6.2. The application lacks the HTTP headers that protect against framing attacks: it does not send the X-Frame-Options header and does not configure Content-Security-Policy to restrict frame ancestors. Without these headers, attackers can embed WeGIA pages within malicious HTML documents, overlay deceptive elements, conceal genuine buttons, or lead users to unknowingly trigger interactions with sensitive processes.

Impact

Exploitation of this vulnerability allows for clickjacking attacks, where users can be manipulated into interacting with the application in unintended ways, potentially leading to unauthorized actions or disclosure of sensitive information.

Remediation

Users can update to WeGIA version 3.6.2 or later, where this vulnerability has been fixed. Instructions for downloading the latest version are available on the WeGIA GitHub releases page.
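After updating, the headers a deployment actually returns can be checked for the two protections named above. The following is an added example, not WeGIA code and not part of the original advisory; the function names and the sample responses are constructed for illustration, and nothing here assumes which header the fixed version sends.

```python
# Added example: classify a response's framing protection from its headers.
# Header names are from the advisory; SAMPLES below are constructed responses.
PERMISSIVE = {"*", "http:", "https:"}  # sources that let any site frame the page

def frame_ancestors(policy):
    """Return the frame-ancestors source list of one CSP policy, or None."""
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None

def framing_verdict(headers):
    """Return (protected, reason) for a dict of response headers."""
    h = {name.lower(): value for name, value in headers.items()}
    # Several CSP headers may arrive comma-joined; each policy is enforced.
    policies = h.get("content-security-policy", "").split(",")
    lists = [fa for fa in map(frame_ancestors, policies) if fa is not None]
    if lists:
        # An enforced frame-ancestors directive supersedes X-Frame-Options.
        if any(not PERMISSIVE & set(fa) for fa in lists):
            return True, "CSP frame-ancestors restricts embedding"
        return False, "CSP frame-ancestors allows any origin"
    xfo = {v.strip().lower() for v in h.get("x-frame-options", "").split(",")}
    xfo.discard("")
    if xfo in ({"deny"}, {"sameorigin"}):
        return True, "X-Frame-Options " + xfo.pop()
    if xfo:  # ALLOW-FROM is obsolete; unknown or conflicting values are flagged
        return False, "X-Frame-Options not reliable: " + ", ".join(sorted(xfo))
    report_only = h.get("content-security-policy-report-only", "")
    if any(frame_ancestors(p) is not None for p in report_only.split(",")):
        return False, "frame-ancestors only in a report-only policy"
    return False, "no X-Frame-Options and no CSP frame-ancestors"

SAMPLES = {  # constructed responses, not captured from any real deployment
    "no framing headers": {"Content-Type": "text/html"},
    "xfo sameorigin": {"X-Frame-Options": "SAMEORIGIN"},
    "csp self": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"},
    "wildcard csp beside xfo": {"Content-Security-Policy": "frame-ancestors *",
                                "X-Frame-Options": "DENY"},
    "obsolete allow-from": {"X-Frame-Options": "ALLOW-FROM https://intranet.example"},
}

if __name__ == "__main__":
    for label, response_headers in SAMPLES.items():
        print(label, "->", framing_verdict(response_headers))
```

The check should be run against every sensitive page rather than only the login page, since the headers are set per response.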

Added: Jan 16, 2026, 8:21 PM
Updated: Jan 16, 2026, 8:21 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 5.8
remediation: 7.9
relevance: 2.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.