WeGIA Stored Cross-Site Scripting Vulnerability in Backup Filename Handling

Vulnerability

A stored cross-site scripting vulnerability has been identified in WeGIA, a web management tool for charitable institutions, affecting versions prior to 3.6.9. The vulnerability allows attackers to inject malicious scripts through backup filenames, leading to the unauthorized execution of scripts in the victim's browser. This could compromise session data or allow actions to be performed on behalf of the user.

Impact

Exploitation of this vulnerability results in stored cross-site scripting: the injected script is executed in the browser of any user who views the backup list, in that user's session context.

Reproduction

To reproduce this vulnerability, upload a backup file through the 'importar_dump.php' endpoint, using a filename that includes a script payload, such as a JavaScript alert. After the file is uploaded, the injected script will be executed when the backup list is accessed.

Remediation

Users can update to WeGIA version 3.6.9 or later to address this vulnerability.
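The following PHP is an added illustration of the two defences an application of this kind needs for uploaded backup names: an allowlist check at upload time and HTML escaping at render time. It is not WeGIA's own code; the function names, the assumed naming scheme (`dump_YYYY-MM-DD.sql`) and the sample stored names are constructed for the example.

```php
<?php
// Added illustration, not WeGIA's own code: the backup list must treat
// uploaded filenames as untrusted data. Two defences are combined here:
// (1) reject filenames outside a strict allowlist at upload time, and
// (2) HTML-escape whatever is rendered into the list page regardless.

// Accept only names such as "dump_2026-04-06.sql" (assumed naming scheme).
function isValidBackupFilename(string $name): bool
{
    // basename() strips any directory components; then enforce an allowlist.
    return $name === basename($name)
        && preg_match('/^[A-Za-z0-9_-]{1,64}\.(sql|zip|gz)$/', $name) === 1;
}

// Escape for an HTML text context with a fixed charset and full quote
// handling, so a stored name can never break out of its element.
function escapeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Render the backup list from the names loaded from storage.
function renderBackupList(array $filenames): string
{
    $html = "<ul>\n";
    foreach ($filenames as $name) {
        $safe = escapeForHtml($name);
        $html .= "  <li>{$safe}</li>\n";
    }
    return $html . "</ul>\n";
}

// Constructed sample rows: one benign name and one hostile name that an
// older, unvalidated upload path could have stored.
$stored = [
    'dump_2026-04-06.sql',
    'dump<script>alert(1)</script>.sql',
];

foreach ($stored as $name) {
    // Upload-time check: the hostile name is refused before it is stored.
    printf("%-40s valid=%s\n", $name, isValidBackupFilename($name) ? 'yes' : 'no');
}

// Render-time escaping: even a name that slipped into storage is shown
// as inert text, e.g. "dump&lt;script&gt;alert(1)&lt;/script&gt;.sql".
echo renderBackupList($stored);
```

The upload-time check alone is not sufficient for names already in storage, which is why the list renderer escapes unconditionally.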

Added: Apr 6, 2026, 9:19 PM
Updated: Apr 6, 2026, 9:19 PM

Vulnerability Rating (Custom Algorithm)

spread: 0.0
impact: 5.4
exploitability: 4.4
remediation: 7.7
relevance: 5.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.