WeGIA, a web manager for charitable institutions, has multiple security vulnerabilities in versions prior to 3.6.10 that allow for stored cross-site scripting and SQL injection attacks.
Claims
WeGIA, a web manager for charitable institutions, has multiple security vulnerabilities in versions prior to 3.6.10 that allow for stored cross-site scripting and SQL injection attacks.
Parent: Software Security
Entity: WeGIA
Sub-entity: Charitable Institutions
Impact: negative
Date: Apr 17, 2026
Target: WeGIA's security practices and software updates
Source posts
🚨 EUVD-2026-23525
📊 Score: 6.8/10 (CVSS v3.1)
📦 Product: WeGIA
🏢 Vendor: LabRedesCefetRJ
📅 Updated: 2026-04-17
📝 WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript via the "Nome" field in the "Informações Pacientes" page. The...
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23525
#cybersecurity #infosec #euvd #cve #vulnerability
0 boosts · 0 favs · 0 replies · Apr 17, 2026
🚨 EUVD-2026-23523
📊 Score: 6.4/10 (CVSS v3.1)
📦 Product: WeGIA
🏢 Vendor: LabRedesCefetRJ
📅 Updated: 2026-04-17
📝 WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript into the Intercorrências notification page, which is executed...
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23523
#cybersecurity #infosec #euvd #cve #vulnerability
0 boosts · 0 favs · 0 replies · Apr 17, 2026
🚨 EUVD-2026-23527
📊 Score: 6.8/10 (CVSS v3.1)
📦 Product: WeGIA
🏢 Vendor: LabRedesCefetRJ
📅 Updated: 2026-04-17
📝 WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript via the "Destinatário" field. The payload is stored and later...
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23527
#cybersecurity #infosec #euvd #cve #vulnerability
0 boosts · 0 favs · 0 replies · Apr 17, 2026
🚨 EUVD-2026-23529
📊 Score: 8.8/10 (CVSS v3.1)
📦 Product: WeGIA
🏢 Vendor: LabRedesCefetRJ
📅 Updated: 2026-04-17
📝 WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/memorando/UsuarioDAO.php. The cpf_usuario POST parameter overwrites the session-stored user identity via extract($_REQUEST) in Des...
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23529
#cybersecurity #infosec #euvd #cve #vulnerability
0 boosts · 0 favs · 0 replies · Apr 17, 2026
🚨 EUVD-2026-23508
📊 Score: 7.5/10 (CVSS v3.1)
📦 Product: Anviz CrossChex Standard
🏢 Vendor: Anviz
📅 Updated: 2026-04-17
📝 Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access.
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23508
#cybersecurity #infosec #euvd #cve #vulnerability
0 boosts · 0 favs · 0 replies · Apr 17, 2026
🚨 EUVD-2026-23531
📊 Score: 7.5/10 (CVSS v3.1)
📦 Product: WeGIA
🏢 Vendor: LabRedesCefetRJ
📅 Updated: 2026-04-17
📝 WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the 'Member Registration' (Cadastrar Sócio) function. By injecting a payload into the 'Member Name' (No...
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23531
#cybersecurity #infosec #euvd #cve #vulnerability
0 boosts · 0 favs · 0 replies · Apr 17, 2026