Platform
php
Component
wegia
Fixed in
3.6.3
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in WeGIA, a Web Manager for Charitable Institutions. This flaw allows unauthenticated attackers to inject arbitrary JavaScript or HTML into the context of a user's browser session. Versions of WeGIA prior to 3.6.2 are affected, and the vulnerability is fixed in version 3.6.2.
The XSS vulnerability resides within the html/memorando/inseredespacho.php file, specifically in how it handles the idmemorando GET parameter. An attacker can craft a malicious URL containing JavaScript code within this parameter. When a user clicks on this URL, the injected script executes within their browser context. This can lead to session hijacking, credential theft, defacement of the WeGIA interface, or redirection to malicious websites. The impact is significant as it can compromise the security of the entire charitable institution using WeGIA, potentially exposing sensitive donor and beneficiary data.
CVE-2026-23722 was publicly disclosed on January 16, 2026. No public proof-of-concept (PoC) code has been released at the time of writing. The vulnerability's CVSS score of 9.1 (CRITICAL) indicates a high probability of exploitation if left unaddressed. It is not currently listed on the CISA KEV catalog.
Charitable institutions and organizations utilizing WeGIA version 3.6.2 or earlier are at significant risk. This includes organizations relying on WeGIA for donor management, financial tracking, and other critical operations. Shared hosting environments where multiple organizations share the same server infrastructure are particularly vulnerable, as a compromise of one WeGIA instance could potentially impact others.
• php: Examine the html/memorando/inseredespacho.php file for inadequate input sanitization of the idmemorando parameter.
• generic web: Monitor access logs for requests containing JavaScript code in the idmemorando parameter (e.g., ?idmemorando=<script>alert('XSS')</script>).
• generic web: Inspect the HTTP response (headers and body) to see whether the submitted idmemorando value is reflected back unencoded.
• generic web: Use curl to test the endpoint with a simple XSS payload: curl 'http://wegia-instance.com/html/memorando/inseredespacho.php?idmemorando=<script>alert("XSS")</script>'
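The log-monitoring check above can be automated. The following scanner is an added example, not part of the advisory or of WeGIA: it assumes Combined Log Format access logs and that a legitimate memorando id is a plain decimal integer (an assumption based on the parameter name, not on the WeGIA source). It decodes the query string before matching, which is the caveat a plain grep for `<script>` misses, and the sample log lines are constructed for illustration.

```python
"""Scan web-server access logs for suspicious idmemorando values sent to
html/memorando/inseredespacho.php (added example, not WeGIA code).

Assumptions: Combined Log Format lines, and that a legitimate memorando id
is a plain decimal integer. The sample lines below are constructed.
"""
import re
import sys
from urllib.parse import parse_qs, unquote, urlsplit

TARGET_PATH = "/html/memorando/inseredespacho.php"
PARAM = "idmemorando"

# Constructed sample log (Combined Log Format); addresses are RFC 5737 test space.
SAMPLE_LOG = """\
203.0.113.10 - - [16/Jan/2026:10:00:01 +0000] "GET /html/memorando/inseredespacho.php?idmemorando=42 HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.11 - - [16/Jan/2026:10:00:05 +0000] "GET /html/memorando/inseredespacho.php?idmemorando=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E HTTP/1.1" 200 1610 "-" "Mozilla/5.0"
203.0.113.12 - - [16/Jan/2026:10:00:09 +0000] "GET /html/memorando/inseredespacho.php?idmemorando=7%2522%2520onmouseover%253Dalert%25281%2529 HTTP/1.1" 200 1598 "-" "curl/8.5.0"
203.0.113.13 - - [16/Jan/2026:10:00:12 +0000] "GET /html/index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Request line inside the quoted field of a Combined Log Format record.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Markup and script indicators, checked after URL-decoding.
MARKUP_RE = re.compile(r"<|>|javascript:|\bon[a-z]+\s*=", re.IGNORECASE)


def classify_value(value: str):
    """Return None for a benign value, otherwise a short reason string.

    parse_qs has already removed one layer of percent-encoding; decoding once
    more also catches double-encoded payloads that a literal match would miss.
    """
    decoded = unquote(value)
    if decoded.isascii() and decoded.isdigit():
        return None  # assumption: a memorando id is a plain integer
    if MARKUP_RE.search(decoded):
        return f"markup in {PARAM}: {decoded!r}"
    return f"non-numeric {PARAM}: {decoded!r}"


def scan_log(text: str):
    """Return (line_no, client_ip, reason) for each suspicious request."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith(TARGET_PATH):
            continue
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
        for value in values:
            reason = classify_value(value)
            if reason is not None:
                client_ip = line.split(" ", 1)[0]
                findings.append((line_no, client_ip, reason))
    return findings


def main(argv):
    # Pass a log file path to scan it; with no argument the constructed sample is used.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for line_no, client_ip, reason in scan_log(text):
        print(f"line {line_no} from {client_ip}: {reason}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `python3 scan_idmemorando.py /var/log/apache2/access.log` (path is an example). Any non-numeric value is reported, not only those containing obvious markup, because the allow-list rule is far more robust than a denylist of payload fragments; the `markup` reason just helps triage.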
disclosure
Exploit status
EPSS
0.11% (29th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to immediately upgrade WeGIA to version 3.6.2 or later, which contains the fix for this vulnerability. If upgrading is not immediately possible, consider implementing a Web Application Firewall (WAF) rule to filter requests containing suspicious JavaScript code in the idmemorando parameter. Input validation and output encoding should be implemented to sanitize user-supplied data before rendering it in HTML. Regularly review and update the WeGIA installation to ensure it is running the latest security patches.
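The validate-then-encode pattern recommended above, as an added example in Python (not WeGIA's PHP code): the heading template is constructed, and the probe string is the one quoted in the detection section. It shows the raw reflection behind the flaw next to the two defensive layers, so the difference between rejecting bad input and neutralising it on output is visible on the same value.

```python
"""Validate-then-encode handling of an id parameter, shown in Python as a
generic illustration of the remediation advice (added example, not WeGIA
code; the heading template is constructed).
"""
import html

# Probe string quoted in the advisory's detection guidance.
PAYLOAD = "<script>alert('XSS')</script>"


def validate_memorando_id(raw: str) -> int:
    """Allow-list validation: accept only a positive decimal integer.

    Markup, signs, whitespace and empty strings are all rejected here,
    before the value reaches a database query or an HTML template.
    """
    if not (raw.isascii() and raw.isdigit()):
        raise ValueError("idmemorando must be a positive integer")
    value = int(raw)
    if not 1 <= value <= 2**31 - 1:
        raise ValueError("idmemorando out of range")
    return value


def is_valid_memorando_id(raw: str) -> bool:
    """Boolean wrapper around validate_memorando_id for callers that only branch."""
    try:
        validate_memorando_id(raw)
        return True
    except ValueError:
        return False


def render_vulnerable(raw: str) -> str:
    """Reflects the raw parameter into the page: the pattern the advisory describes."""
    return f"<h2>Despacho para memorando {raw}</h2>"


def render_encoded(raw: str) -> str:
    """Output encoding alone: the value is displayed literally and markup is inert.

    This is the right tool for free-text fields that legitimately contain
    arbitrary characters.
    """
    return f"<h2>Despacho para memorando {html.escape(raw, quote=True)}</h2>"


def render_hardened(raw: str) -> str:
    """Both layers: reject anything that is not an id, and still encode on
    output so a later relaxation of the validation rule cannot silently
    reopen the reflection."""
    memorando_id = validate_memorando_id(raw)
    return f"<h2>Despacho para memorando {html.escape(str(memorando_id))}</h2>"


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(PAYLOAD))
    print("encoded:   ", render_encoded(PAYLOAD))
    print("hardened:  ", render_hardened("42"))
    print("rejected:  ", not is_valid_memorando_id(PAYLOAD))
```

In PHP the same two layers are `filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]])` for the allow-list check and `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` at the point of output. The WAF rule mentioned above is only a stopgap: payloads can be encoded in many ways, whereas an integer check on the id has no bypass.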
Update WeGIA to version 3.6.2 or higher. This version contains the fix for the XSS vulnerability. Download the latest version from the vendor's official website or through the update channels provided.
CVE-2026-23722 is a critical Reflected Cross-Site Scripting (XSS) vulnerability in WeGIA versions up to 3.6.2, allowing attackers to inject malicious JavaScript code.
You are affected if you are using WeGIA version 3.6.2 or earlier. Immediately check your version and apply the necessary updates.
Upgrade WeGIA to version 3.6.2 or later. Consider implementing a WAF rule to filter malicious requests as an interim measure.
While no active exploitation campaigns have been publicly confirmed, the vulnerability's severity and ease of exploitation suggest a high probability of future attacks.
Refer to the WeGIA website and security advisories for the official announcement and detailed remediation steps.