CVE-2026-35399
Received Received - Intake
Stored XSS in WeGIA Backup Filename Allows Code Execution

Publication date: 2026-04-06

Last updated on: 2026-04-09

Assigner: GitHub, Inc.

Description
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS vulnerability allows an attacker to inject malicious scripts through a backup filename. This could lead to unauthorized execution of malicious code in the victim's browser, compromising session data or executing actions on behalf of the user. This vulnerability is fixed in 3.6.9.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-06
Last Modified
2026-04-09
Generated
2026-06-16
AI Q&A
2026-04-07
EPSS Evaluated
2026-06-15
NVD
CVE-2026-35399
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wegia wegia to 3.6.9 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in WeGIA, a web manager for charitable institutions, is a stored Cross-Site Scripting (XSS) issue present prior to version 3.6.9.

An attacker can exploit this by injecting malicious scripts through a backup filename, which is then stored and later executed in the victim's browser.

This allows unauthorized execution of malicious code, potentially compromising session data or enabling actions to be performed on behalf of the user.

Impact Analysis

This vulnerability can lead to unauthorized execution of malicious scripts in your browser when interacting with the affected WeGIA application.

As a result, attackers could compromise your session data, steal sensitive information, or perform actions on your behalf without your consent.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade WeGIA to version 3.6.9 or later, where the stored XSS vulnerability through backup filenames has been fixed.

Compliance Impact

The stored XSS vulnerability in WeGIA prior to version 3.6.9 allows attackers to inject malicious scripts that can compromise session data or execute unauthorized actions on behalf of users.

Such a vulnerability can lead to unauthorized access or disclosure of sensitive user information, which may impact compliance with data protection regulations like GDPR or HIPAA that require safeguarding personal and sensitive data.

Therefore, if exploited, this vulnerability could result in violations of these standards due to failure to adequately protect user data and maintain secure application behavior.

Detection Guidance

This vulnerability can be detected by checking for backup files with suspicious or malicious filenames containing script code, especially those uploaded to the import endpoint (importar_dump.php).

A proof-of-concept exploit uses a specially crafted gzip backup file with a filename containing an XSS payload, such as `../../../e/e/wegia`);alert(9999);;'.dump.tar.gz`.

To detect exploitation attempts or presence of malicious backup files, you can list backup files on the server and look for filenames containing suspicious characters or script tags.

  • Use commands like `ls -l` or `find` on the backup directory to identify unusual filenames.
  • Example: `find /path/to/backup/ -type f -name '*alert*'` to find files with 'alert' in the name.
  • Monitor HTTP requests to the import endpoint (`importar_dump.php`) for uploads of files with suspicious names.

Additionally, reviewing web server logs for POST requests to `importar_dump.php` with unusual filenames can help detect attempts to exploit this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-35399. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart