CVE-2026-42870
Received Received - Intake
Stored XSS in WeGIA Web Manager Prior to 3.7.0

Publication date: 2026-05-11

Last updated on: 2026-05-11

Assigner: GitHub, Inc.

Description
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting (XSS) flaw was identified at the following endpoint: funcionario/profile_funcionario.php?id_funcionario=2. By injecting a malicious payload into the 'Description' (Descrição) field and saving the profile, the script becomes persistently stored. The payload is subsequently executed whenever the profile page is accessed. This vulnerability is fixed in 3.7.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-11
Last Modified
2026-05-11
Generated
2026-06-21
AI Q&A
2026-05-11
EPSS Evaluated
2026-06-20
NVD
CVE-2026-42870
EUVD
EUVD-2026-29185
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
labredescefetrj wegia to 3.7.0 (exc)
labredescefetrj wegia to 3.6.10 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-42870 is a Stored Cross-Site Scripting (XSS) vulnerability in the WeGIA web management application for charitable institutions. It affects versions prior to 3.7.0. The flaw exists in the 'Description' (Descrição) field of a profile page, where an attacker can inject malicious scripts. These scripts are then stored persistently and executed every time the affected profile page is accessed.

Impact Analysis

Exploitation of this vulnerability can lead to the execution of malicious scripts in the context of the affected web application. This can result in sensitive data capture such as keylogging and credential harvesting. Attackers can manipulate the page behavior and inject fraudulent fields, potentially compromising user accounts and sensitive information.

Detection Guidance

Detection of this Stored Cross-Site Scripting (XSS) vulnerability involves checking for malicious script injections in the 'Description' (descricao) field of user profiles, particularly at the endpoint 'informacao_adicional.php'.

One approach is to review the content of the 'descricao' parameter for suspicious or unexpected script tags or payloads.

Commands or methods to detect this might include:

  • Using curl or wget to fetch profile pages and inspecting the response for embedded scripts.
  • Example command: curl -s 'http://yourwegiainstance/informacao_adicional.php?id_funcionario=2' | grep -i '<script>'
  • Using web vulnerability scanners that can detect stored XSS by submitting payloads to the 'descricao' field and checking if they are executed.
  • Manually reviewing database entries for the 'descricao' field for suspicious script content.
Mitigation Strategies

The primary mitigation step is to upgrade the WeGIA application to version 3.7.0 or later, where this Stored Cross-Site Scripting vulnerability has been fixed.

Additional immediate steps include:

  • Sanitize and validate all user inputs, especially the 'Description' (descricao) field, to prevent script injection.
  • Implement Content Security Policy (CSP) headers to reduce the impact of any injected scripts.
  • Review and clean existing profiles to remove any malicious scripts stored in the 'descricao' field.
  • Limit user permissions to reduce the risk of unauthorized script injection.
Compliance Impact

The Stored Cross-Site Scripting (XSS) vulnerability in WeGIA can lead to exploitation scenarios such as sensitive data capture, including keylogging and credential harvesting. This type of data compromise can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive information.

By allowing attackers to inject and execute malicious scripts, the vulnerability increases the risk of unauthorized access to user data, potentially violating data protection requirements and leading to regulatory non-compliance.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42870. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart