CVE-2026-33135
Reflected XSS in WeGIA novo_memorandoo.php Allows Script Injection
Publication date: 2026-03-20
Last updated on: 2026-03-20
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wegia | wegia | up to 3.6.7 (excluding) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-33135 is a critical Reflected Cross-Site Scripting (XSS) vulnerability in the WeGIA web manager application, specifically in the `novo_memorandoo.php` endpoint.

The vulnerability occurs because the application takes user input from the `sccs` GET parameter and directly inserts it into an HTML alert div without any sanitization or encoding.

This means an attacker can inject arbitrary JavaScript code that will be executed in the browser of any user who visits a specially crafted URL.

The issue affects versions 3.6.6 and below and was fixed in version 3.6.7 by adding proper input sanitization. [1]
How can this vulnerability impact me?
This Reflected XSS vulnerability allows attackers to execute arbitrary JavaScript code in the context of an authenticated user's browser session.

- Attackers can steal session cookies such as PHPSESSID, potentially hijacking user sessions.
- Unauthorized administrative actions can be performed by exploiting the victim's authenticated session.
- Users can be redirected to malicious phishing sites, leading to further compromise.

Overall, this can lead to significant security breaches including loss of confidentiality and integrity. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the vulnerable endpoint with a crafted URL that injects JavaScript code into the `sccs` GET parameter and observing if the script executes in the browser.

A practical detection method is to use a web browser or tools like curl to send a request similar to the following:

- `curl -i "https://your-wegia-domain/html/memorando/novo_memorandoo.php?msg=success&sccs=<script>alert('XSS_Test')</script>"`

If the response contains the injected script without sanitization and the alert executes in a browser, the vulnerability is present.

Alternatively, security scanners or proxy tools like Burp Suite can be used to automate detection of reflected XSS by injecting payloads into the `sccs` parameter and analyzing the response. [1]
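The check above is active: it sends a probe to the endpoint. A defender who cannot probe production, or who wants to know whether anyone has already tried the `sccs` parameter, can instead review the web server's access log. The script below is an added example, not WeGIA project code; the log lines are constructed in the common combined log format, and the markup heuristic is a deliberately simple one that will produce some false positives on ordinary text.

```php
<?php
// Added example (not WeGIA project code): flag access-log entries for
// novo_memorandoo.php whose "sccs" query parameter carries HTML or script
// markup. Requires PHP 8 (str_ends_with). Log lines are constructed.

declare(strict_types=1);

/**
 * Return the URL-decoded "sccs" value from an HTTP request line such as
 * "GET /path?query HTTP/1.1", or null if the request is not for
 * novo_memorandoo.php or carries no sccs parameter.
 */
function extractSccs(string $requestLine): ?string
{
    $parts = explode(' ', $requestLine);
    if (count($parts) < 2) {
        return null;
    }
    $url = $parts[1];
    // parse_url returns null for a missing component and false on failure;
    // the (string) cast turns both into ''.
    $path = (string) (parse_url($url, PHP_URL_PATH) ?? '');
    if (!str_ends_with($path, '/novo_memorandoo.php')) {
        return null;
    }
    $query = (string) (parse_url($url, PHP_URL_QUERY) ?? '');
    parse_str($query, $params); // parse_str URL-decodes the values
    return isset($params['sccs']) ? (string) $params['sccs'] : null;
}

/**
 * Heuristic: a status message should never contain a tag opener, a
 * javascript: URL or an on*= event handler. Tune the pattern to the
 * traffic you actually see; it is a triage filter, not a parser.
 */
function looksLikeMarkupInjection(string $value): bool
{
    return preg_match('/<\s*\/?\s*[a-z!]|javascript:|\bon[a-z]+\s*=/i', $value) === 1;
}

/** Scan combined-format log lines and return the suspicious ones. */
function scanAccessLog(array $lines): array
{
    $hits = [];
    foreach ($lines as $line) {
        // In the combined format the request is the first double-quoted field.
        if (!preg_match('/"([^"]*)"/', $line, $m)) {
            continue;
        }
        $sccs = extractSccs($m[1]);
        if ($sccs !== null && looksLikeMarkupInjection($sccs)) {
            $hits[] = ['sccs' => $sccs, 'line' => $line];
        }
    }
    return $hits;
}

// Constructed sample log: one benign status message, one request reflecting
// the payload from the advisory's curl example, one unrelated page.
$sampleLog = [
    '203.0.113.5 - - [20/Mar/2026:10:00:01 +0000] "GET /html/memorando/novo_memorandoo.php?msg=success&sccs=Memo%20saved HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [20/Mar/2026:10:02:13 +0000] "GET /html/memorando/novo_memorandoo.php?msg=success&sccs=%3Cscript%3Ealert%28%27XSS_Test%27%29%3C%2Fscript%3E HTTP/1.1" 200 5200 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [20/Mar/2026:10:03:44 +0000] "GET /html/memorando/listar.php HTTP/1.1" 200 4100 "-" "Mozilla/5.0"',
];

foreach (scanAccessLog($sampleLog) as $hit) {
    echo "suspicious sccs value: {$hit['sccs']}\n";
    echo "  from: {$hit['line']}\n";
}
```

Run it with `php scan_sccs.php` (any file name); only the second constructed line is reported. For real logs, read the file line by line instead of the inline array, and remember that a reflected XSS payload arrives in the victim's browser, so the client IP in the hit is the victim's, not the attacker's.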
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the WeGIA application to version 3.6.7 or later, where the vulnerability has been fixed by proper input sanitization.
If upgrading is not immediately possible, apply input sanitization or encoding on the sccs GET parameter to prevent script injection.
Additionally, consider implementing Web Application Firewall (WAF) rules to detect and block malicious payloads targeting the sccs parameter.
Educate users to avoid clicking suspicious links and monitor logs for unusual requests to the novo_memorandoo.php endpoint.
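The interim fix the answer recommends (encoding the `sccs` value before it is placed in the page) is shown below as an added example. It is not WeGIA's code: the advisory only states that the parameter is inserted into an alert div, so the function names and the markup are hypothetical reconstructions of that pattern, placed next to a hardened version.

```php
<?php
// Added example (not WeGIA project code). Reconstructs the CWE-79 pattern
// the advisory describes (a GET parameter echoed into an alert div) and
// shows two safer alternatives. Names and markup are hypothetical.

declare(strict_types=1);

/** Unsafe: reflects the raw parameter into HTML. This is the vulnerable pattern. */
function renderAlertUnsafe(string $sccs): string
{
    return '<div class="alert alert-success">' . $sccs . '</div>';
}

/**
 * Encode for the HTML text context. ENT_QUOTES also encodes both quote
 * characters so the same helper is safe inside attribute values;
 * ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
 * The response must declare the same charset (see header() below).
 */
function encodeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Hardened: same output shape, but the browser sees text, not markup. */
function renderAlertSafe(string $sccs): string
{
    return '<div class="alert alert-success">' . encodeHtml($sccs) . '</div>';
}

/**
 * Stricter still: a "memo saved" status does not need to be free text.
 * Accept only an allow-listed key and map it to a server-side message, so
 * no attacker-chosen string reaches the page even before encoding.
 */
function renderAlertAllowListed(string $sccsKey): string
{
    $messages = [
        'saved'   => 'Memo saved successfully.',
        'updated' => 'Memo updated successfully.',
    ];
    $text = $messages[$sccsKey] ?? 'Operation completed.';
    return '<div class="alert alert-success">' . encodeHtml($text) . '</div>';
}

// Demonstration. On the CLI $_GET is empty, so a constructed value with
// markup and both quote styles is used; in a web request the parameter
// would come from the query string exactly as in the advisory.
if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/html; charset=UTF-8');
}
$input = $_GET['sccs'] ?? '<b>bold</b> "double" \'single\' & ampersand';

echo "unsafe:      " . renderAlertUnsafe($input) . "\n";
echo "encoded:     " . renderAlertSafe($input) . "\n";
echo "allow-listed:" . renderAlertAllowListed($_GET['sccs'] ?? 'saved') . "\n";
```

The encoded line shows `&lt;b&gt;bold&lt;/b&gt; &quot;double&quot; &#039;single&#039; &amp; ampersand` inside the div, which a browser renders as literal text. Encoding at the point of output is the general fix for every place a request value is printed into HTML; the allow-list variant is the better design for a status flag like this one, because it removes the free-text input entirely and leaves nothing for a WAF rule to have to guess at.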