WeGIA Stored Cross-Site Scripting Vulnerability in Member Registration Function

Vulnerability

A stored cross-site scripting vulnerability has been identified in WeGIA, a web management tool for charitable institutions, in versions prior to 3.6.10. The issue arises in the 'Member Registration' function, where injected scripts in the 'Member Name' field are persistently stored in the database. This payload is executed when users visit specific URLs, including the contributions page.

Impact

Exploitation causes the stored script to execute in the context of the browser of any user who loads an affected page. This could lead to keylogging, credential harvesting, or phishing attacks by manipulating the page to capture sensitive information.

Reproduction

To reproduce this vulnerability, register a new member and inject a script payload into the 'Member Name' field. Once the member is registered, the injected script will be executed when viewing the contributions page.

Remediation

Users can update to WeGIA version 3.6.10 or later, where this vulnerability has been fixed.
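
The defect class described above, a stored name written into a page without output encoding, is shown here next to a context-aware encoded form. This is an added PHP example, not WeGIA's code or its actual fix; the function names and the member array are hypothetical, and the sample row is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names: WeGIA's real rendering code is not shown on the page.

/** Encode a stored value for HTML element content or a quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Vulnerable pattern: the stored name is concatenated into markup as-is. */
function render_row_unsafe(array $member): string
{
    return '<tr><td>' . $member['name'] . '</td></tr>';
}

/** Hardened pattern: encode at output time, for the HTML context it lands in. */
function render_row_safe(array $member): string
{
    $name = e($member['name']);
    return '<tr><td title="' . $name . '">' . $name . '</td></tr>';
}

/** A value placed inside a script block needs JSON encoding with hex escapes,
 *  so that a closing script tag in the data cannot end the block early. */
function render_js_safe(array $member): string
{
    $json = json_encode(
        $member['name'],
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
    return '<script>const memberName = ' . $json . ';</script>';
}

// Constructed sample row standing in for a record saved by member registration.
$member = ['id' => 1, 'name' => '<script>alert(1)</script>'];

echo render_row_unsafe($member), PHP_EOL; // stored markup reaches the browser intact
echo render_row_safe($member), PHP_EOL;   // angle brackets and quotes become entities
echo render_js_safe($member), PHP_EOL;    // angle brackets become \u escapes in the string
```

Encoding at output leaves the stored value unchanged, so names saved before an upgrade are rendered inert on display as well.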

Added: Apr 17, 2026, 10:08 PM
Updated: Apr 17, 2026, 10:08 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.7
exploitability: 4.4
remediation: 7.7
relevance: 6.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.