Nixpkgs security tracker
Untriaged
Permalink
CVE-2026-23722
9.1 CRITICAL
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): NONE
WeGIA has a Reflected Cross-Site Scripting (XSS) vulnerability allowing arbitrary code execution and UI redressing.
WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WeGIA system, specifically within the html/memorando/insere_despacho.php file. The application fails to properly sanitize or encode user-supplied input via the id_memorando GET parameter before reflecting it into the HTML source (likely inside a <script> block or an attribute). This allows unauthenticated attackers to inject arbitrary JavaScript or HTML into the context of the user's browser session. This vulnerability is fixed in 3.6.2.
References
-
https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-g7hh-6qj7-mcqf x_refsource_CONFIRM
Affected products
WeGIA
- ==< 3.6.2
Matching in nixpkgs
pkgs.perlPackages.SnowballNorwegian
Porters stemming algorithm for norwegian
pkgs.perl538Packages.SnowballNorwegian
Porters stemming algorithm for norwegian
pkgs.perl540Packages.SnowballNorwegian
Porters stemming algorithm for norwegian