WeGIA has stored XSS in profile_paciente.php_CVE-2026-40283

6.8 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Description

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript via the "Nome" field in the "Informações Pacientes" page. The payload is stored and executed when the patient information is viewed. Version 3.6.10 fixes the issue.

Basic Information

ID CVE-2026-40283

Source GitHub_M

Published Apr 17, 2026 at 20:03

Affected Product

Vendor LabRedesCefetRJ

Product WeGIA

Version < 3.6.10

Affected Versions LabRedesCefetRJ WeGIA < 3.6.10

CWE Classification

CWE-79

References

github.com /LabRedesCefetRJ/WeGIA/security/advisories/GHSA-x74c-gwj9-6cwr

{
    "lastseen": "",
    "description": "WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript via the \"Nome\" field in the \"Informa\u00e7\u00f5es Pacientes\" page. The payload is stored and executed when the patient information is viewed. Version 3.6.10 fixes the issue.",
    "published": "2026-04-17T20:03:14.016Z",
    "modified": "2026-04-17T20:03:14.016Z",
    "type": "cve",
    "title": "WeGIA has stored XSS in profile_paciente.php",
    "source": "GitHub_M",
    "references": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-x74c-gwj9-6cwr",
    "id": "CVE-2026-40283",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "LabRedesCefetRJ WeGIA < 3.6.10",
    "sourceHref": "",
    "cvss": {
        "score": 6.8,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WeGIA",
    "version": "< 3.6.10",
    "vendor": "LabRedesCefetRJ",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}