Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-35399

created 1 week, 4 days ago

WeGIA has Stored XSS in backup file names

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS vulnerability allows an attacker to inject malicious scripts through a backup filename. This could lead to unauthorized execution of malicious code in the victim's browser, compromising session data or executing actions on behalf of the user. This vulnerability is fixed in 3.6.9.

References

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-fmwv-62wf-2hgx x_refsource_CONFIRM

Affected products

WeGIA

==< 3.6.9

Matching in nixpkgs

pkgs.perlPackages.SnowballNorwegian

Porters stemming algorithm for norwegian

nixos-unstable 1.2
- nixpkgs-unstable 1.2
- nixos-unstable-small 1.2
nixos-25.11 1.2
- nixos-25.11-small 1.2
- nixpkgs-25.11-darwin 1.2

pkgs.perl5Packages.SnowballNorwegian

Porters stemming algorithm for norwegian

nixos-unstable 1.2
- nixpkgs-unstable 1.2
- nixos-unstable-small 1.2

pkgs.perl538Packages.SnowballNorwegian

Porters stemming algorithm for norwegian

nixos-25.11 1.2
- nixos-25.11-small 1.2
- nixpkgs-25.11-darwin 1.2

pkgs.perl540Packages.SnowballNorwegian

Porters stemming algorithm for norwegian

nixos-25.11 1.2
- nixos-25.11-small 1.2
- nixpkgs-25.11-darwin 1.2