CVE-2026-23722
Published: 16 January 2026
Summary
CVE-2026-23722 is a critical-severity Cross-site Scripting (CWE-79) vulnerability in Wegia Wegia. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 40.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 requires validation of user-supplied inputs like the id_memorando GET parameter to prevent injection of malicious JavaScript payloads.
SI-15 mandates filtering and encoding of reflected outputs in HTML to block arbitrary JavaScript execution in the victim's browser.
SI-2 ensures timely remediation of the specific flaw in html/memorando/insere_despacho.php by applying the patch in WeGIA 3.6.2.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Reflected XSS in public-facing web application enables exploitation of public-facing applications (T1190), theft of session cookies via injected JavaScript (T1539), and page defacement (T1491).
NVD Description
WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WeGIA system, specifically within the html/memorando/insere_despacho.php file. The application fails to properly sanitize or encode user-supplied input via the…
more
id_memorando GET parameter before reflecting it into the HTML source (likely inside a <script> block or an attribute). This allows unauthenticated attackers to inject arbitrary JavaScript or HTML into the context of the user's browser session. This vulnerability is fixed in 3.6.2.
Deeper analysisAI
CVE-2026-23722 is a reflected cross-site scripting (XSS) vulnerability affecting WeGIA, a web manager for charitable institutions, in versions prior to 3.6.2. The flaw resides in the html/memorando/insere_despacho.php file, where the application fails to properly sanitize or encode user-supplied input passed via the id_memorando GET parameter. This input is reflected into the HTML source, likely within a script block or attribute, enabling injection of arbitrary JavaScript or HTML. The vulnerability carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) and is associated with CWE-79.
Unauthenticated remote attackers can exploit this vulnerability by tricking users into visiting a maliciously crafted URL containing the payload in the id_memorando parameter. Upon access, the injected script executes in the context of the victim's browser session, potentially allowing attackers to steal sensitive data such as session cookies, perform unauthorized actions on the user's behalf, or deface the page.
The GitHub security advisory at https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-g7hh-6qj7-mcqf details the issue and confirms that it is fixed in WeGIA version 3.6.2, recommending immediate upgrades to mitigate the risk.
Details
- CWE(s)