EUVD-2026-19500
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3Tags
Description
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS vulnerability allows an attacker to inject malicious scripts through a backup filename. This could lead to unauthorized execution of malicious code in the victim's browser, compromising session data or executing actions on behalf of the user. This vulnerability is fixed in 3.6.9.
Analysis
Stored cross-site scripting (XSS) in WeGIA Web manager for charitable institutions allows remote attackers to inject malicious scripts via specially crafted backup filenames, leading to session hijacking or unauthorized actions performed in victim browsers. Affects versions prior to 3.6.9. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all instances of WeGIA Web Manager in production and document current versions. Within 7 days: Contact WeGIA support to confirm patch availability timeline and request interim security guidance; implement file upload restrictions on backup functionality if technically feasible. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today