Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-23725

created 3 months ago

WeGIA Stored Cross-Site Scripting (XSS) – nome Parameter on Adopters Information Page

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the html/pet/adotantes/cadastro_adotante.php and html/pet/adotantes/informacao_adotantes.php endpoint of the WeGIA application. The application does not sanitize user-controlled input before rendering it inside the Adopters Information table, allowing persistent JavaScript injection. Any user who visits the page will have the payload executed automatically. This vulnerability is fixed in 3.6.2.

References

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-c85q-4fwg-99gw x_refsource_CONFIRM
https://github.com/LabRedesCefetRJ/WeGIA/pull/1333 x_refsource_MISC
https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.6.2 x_refsource_MISC

Affected products

WeGIA

==< 3.6.2

Matching in nixpkgs

pkgs.perlPackages.SnowballNorwegian

Porters stemming algorithm for norwegian

nixos-unstable 1.2
- nixpkgs-unstable 1.2
- nixos-unstable-small 1.2
nixos-25.11 1.2
- nixpkgs-25.11-darwin 1.2

pkgs.perl538Packages.SnowballNorwegian

Porters stemming algorithm for norwegian

nixos-unstable 1.2
- nixpkgs-unstable 1.2
- nixos-unstable-small 1.2
nixos-25.11 1.2
- nixpkgs-25.11-darwin 1.2

pkgs.perl540Packages.SnowballNorwegian

Porters stemming algorithm for norwegian

nixos-unstable 1.2
- nixpkgs-unstable 1.2
- nixos-unstable-small 1.2