cyberMEDIUM2026-05-11 20:25 UTC

CVE-2026-42870 - WeGIA: Cross-Site Scripting (XSS) Stored endpoint 'informacao_adicional.php' parameter 'descricao'

CVE ID :CVE-2026-42870 Published : May 11, 2026, 8:25 p.m. | 40 minutes ago Description :WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting (XSS) flaw was identified at the following endpoint: funcionario/profile_funcionario.php?id_fun

ORIGINAL SOURCE →via CVE Feed Latest

⚡ STAY AHEAD

Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.

GET THE SUNDAY BRIEFING →

RELATED · cyber

[CYBER] Simandou ships record quantity of iron ore, swelling Chinese stocks
[CYBER] Anthropic's Bug-Hunting Mythos Was Greatest Marketing Stunt Ever, Says cURL Creator
[CYBER] CVE-2026-43874 - WWBN AVideo: Incomplete Fix for YPTSocket autoEvalCodeOnHTML Strip: Unauthenticated Cross-User JavaScript Execution via `$msg['json']` Relay Bypass
[CYBER] CVE-2026-8321 - inkeep agents runAuth Middleware runAuth.ts createDevContext authentication bypass
[CYBER] CVE-2026-8320 - jishenghua jshERP updatePlatformConfigByKey Endpoint UserService.java getUserByWeixinCode server-side request forgery
[CYBER] CVE-2026-8319 - aiwaves-cn agents cheshire_cat_core stray_cat.py recall_relevant_memories_to_working_memory resource consumption

Editorial policy · Report a correction