CVE-2026-35399
Received Received - Intake

Stored XSS in WeGIA Backup Filename Allows Code Execution

Vulnerability report for CVE-2026-35399, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-06

Last updated on: 2026-04-09

Assigner: GitHub, Inc.

Description

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS vulnerability allows an attacker to inject malicious scripts through a backup filename. This could lead to unauthorized execution of malicious code in the victim's browser, compromising session data or executing actions on behalf of the user. This vulnerability is fixed in 3.6.9.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-06
Last Modified
2026-04-09
Generated
2026-07-06
AI Q&A
2026-04-07
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
wegia wegia to 3.6.9 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability in WeGIA, a web manager for charitable institutions, is a stored Cross-Site Scripting (XSS) issue present prior to version 3.6.9.

An attacker can exploit this by injecting malicious scripts through a backup filename, which is then stored and later executed in the victim's browser.

This allows unauthorized execution of malicious code, potentially compromising session data or enabling actions to be performed on behalf of the user.

Impact Analysis

This vulnerability can lead to unauthorized execution of malicious scripts in your browser when interacting with the affected WeGIA application.

As a result, attackers could compromise your session data, steal sensitive information, or perform actions on your behalf without your consent.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade WeGIA to version 3.6.9 or later, where the stored XSS vulnerability through backup filenames has been fixed.

Detection Guidance

This vulnerability can be detected by checking for backup files with suspicious or malicious filenames containing script code, especially those uploaded to the import endpoint (importar_dump.php).

A proof-of-concept exploit uses a specially crafted gzip backup file with a filename containing an XSS payload, such as `../../../e/e/wegia`);alert(9999);;'.dump.tar.gz`.

To detect exploitation attempts or presence of malicious backup files, you can list backup files on the server and look for filenames containing suspicious characters or script tags.

  • Use commands like `ls -l` or `find` on the backup directory to identify unusual filenames.
  • Example: `find /path/to/backup/ -type f -name '*alert*'` to find files with 'alert' in the name.
  • Monitor HTTP requests to the import endpoint (`importar_dump.php`) for uploads of files with suspicious names.

Additionally, reviewing web server logs for POST requests to `importar_dump.php` with unusual filenames can help detect attempts to exploit this vulnerability.

Compliance Impact

The stored XSS vulnerability in WeGIA prior to version 3.6.9 allows attackers to inject malicious scripts that can compromise session data or execute unauthorized actions on behalf of users.

Such a vulnerability can lead to unauthorized access or disclosure of sensitive user information, which may impact compliance with data protection regulations like GDPR or HIPAA that require safeguarding personal and sensitive data.

Therefore, if exploited, this vulnerability could result in violations of these standards due to failure to adequately protect user data and maintain secure application behavior.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-35399. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart