CVE-2026-42870
Stored XSS in WeGIA Web Manager Prior to 3.7.0
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-42870 is a Stored Cross-Site Scripting (XSS) vulnerability in the WeGIA web management application for charitable institutions. It affects versions prior to 3.7.0. The flaw exists in the 'Description' (Descrição) field of a profile page, where an attacker can inject malicious scripts. These scripts are then stored persistently and executed every time the affected profile page is accessed.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to the execution of malicious scripts in the context of the affected web application. This can result in sensitive data capture such as keylogging and credential harvesting. Attackers can manipulate the page behavior and inject fraudulent fields, potentially compromising user accounts and sensitive information.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this Stored Cross-Site Scripting (XSS) vulnerability involves checking for malicious script injections in the 'Description' (descricao) field of user profiles, particularly at the endpoint 'informacao_adicional.php'.
One approach is to review the content of the 'descricao' parameter for suspicious or unexpected script tags or payloads.
Commands or methods to detect this might include:
- Using curl or wget to fetch profile pages and inspecting the response for embedded scripts.
- Example command: curl -s 'http://yourwegiainstance/informacao_adicional.php?id_funcionario=2' | grep -i '<script>'
- Using web vulnerability scanners that can detect stored XSS by submitting payloads to the 'descricao' field and checking if they are executed.
- Manually reviewing database entries for the 'descricao' field for suspicious script content.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade the WeGIA application to version 3.7.0 or later, where this Stored Cross-Site Scripting vulnerability has been fixed.
Additional immediate steps include:
- Sanitize and validate all user inputs, especially the 'Description' (descricao) field, to prevent script injection.
- Implement Content Security Policy (CSP) headers to reduce the impact of any injected scripts.
- Review and clean existing profiles to remove any malicious scripts stored in the 'descricao' field.
- Limit user permissions to reduce the risk of unauthorized script injection.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The Stored Cross-Site Scripting (XSS) vulnerability in WeGIA can lead to exploitation scenarios such as sensitive data capture, including keylogging and credential harvesting. This type of data compromise can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive information.
By allowing attackers to inject and execute malicious scripts, the vulnerability increases the risk of unauthorized access to user data, potentially violating data protection requirements and leading to regulatory non-compliance.