{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33135", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-17T20:35:49.928Z", "datePublished": "2026-03-20T10:38:44.065Z", "dateUpdated": "2026-03-20T13:44:02.877Z"}, "containers": {"cna": {"title": "WeGIA has Reflected Cross-Site Scripting (XSS) in `novo_memorandoo.php` via `sccs` parameter", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-w5rv-5884-w94v", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-w5rv-5884-w94v"}, {"name": "https://github.com/LabRedesCefetRJ/WeGIA/pull/1459", "tags": ["x_refsource_MISC"], "url": "https://github.com/LabRedesCefetRJ/WeGIA/pull/1459"}, {"name": "https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.6.7", "tags": ["x_refsource_MISC"], "url": "https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.6.7"}], "affected": [{"vendor": "LabRedesCefetRJ", "product": "WeGIA", "versions": [{"version": "< 3.6.7", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T10:38:44.065Z"}, "descriptions": [{"lang": "en", "value": "WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the novo_memorandoo.php endpoint. An attacker can inject arbitrary JavaScript into the sccs GET parameter, which is directly echoed into the HTML response without any sanitization or encoding. The script /html/memorando/novo_memorandoo.php reads HTTP GET parameters to display dynamic success messages to the user. At approximately line 273, the code checks if $_GET['msg'] equals 'success'. If true, it directly concatenates $_GET['sccs'] into an HTML alert <div> and outputs it to the browser. This issue has been fixed in version 3.6.7."}], "source": {"advisory": "GHSA-w5rv-5884-w94v", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-w5rv-5884-w94v", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-20T13:43:59.114929Z", "id": "CVE-2026-33135", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T13:44:02.877Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33135", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-20T13:43:59.114929Z"}}}], "references": [{"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-w5rv-5884-w94v", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T13:43:52.010Z"}}], "cna": {"title": "WeGIA has Reflected Cross-Site Scripting (XSS) in `novo_memorandoo.php` via `sccs` parameter", "source": {"advisory": "GHSA-w5rv-5884-w94v", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "LabRedesCefetRJ", "product": "WeGIA", "versions": [{"status": "affected", "version": "< 3.6.7"}]}], "references": [{"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-w5rv-5884-w94v", "name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-w5rv-5884-w94v", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/LabRedesCefetRJ/WeGIA/pull/1459", "name": "https://github.com/LabRedesCefetRJ/WeGIA/pull/1459", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.6.7", "name": "https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.6.7", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the novo_memorandoo.php endpoint. An attacker can inject arbitrary JavaScript into the sccs GET parameter, which is directly echoed into the HTML response without any sanitization or encoding. The script /html/memorando/novo_memorandoo.php reads HTTP GET parameters to display dynamic success messages to the user. At approximately line 273, the code checks if $_GET['msg'] equals 'success'. If true, it directly concatenates $_GET['sccs'] into an HTML alert <div> and outputs it to the browser. This issue has been fixed in version 3.6.7."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-20T10:38:44.065Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33135", "state": "PUBLISHED", "dateUpdated": "2026-03-20T13:44:02.877Z", "dateReserved": "2026-03-17T20:35:49.928Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-20T10:38:44.065Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D7D6601-2E0C-45E4-BD44-829D2FD7F97C", "versionEndExcluding": "3.6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the novo_memorandoo.php endpoint. An attacker can inject arbitrary JavaScript into the sccs GET parameter, which is directly echoed into the HTML response without any sanitization or encoding. The script /html/memorando/novo_memorandoo.php reads HTTP GET parameters to display dynamic success messages to the user. At approximately line 273, the code checks if $_GET['msg'] equals 'success'. If true, it directly concatenates $_GET['sccs'] into an HTML alert <div> and outputs it to the browser. This issue has been fixed in version 3.6.7."}, {"lang": "es", "value": "WeGIA es un gestor web para instituciones ben\u00e9ficas. Las versiones 3.6.6 e inferiores tienen una vulnerabilidad de Cross-Site Scripting (XSS) Reflejado en el endpoint novo_memorandoo.php. Un atacante puede inyectar JavaScript arbitrario en el par\u00e1metro GET sccs, el cual es directamente reflejado en la respuesta HTML sin ninguna sanitizaci\u00f3n o codificaci\u00f3n. El script /html/memorando/novo_memorandoo.php lee par\u00e1metros GET HTTP para mostrar mensajes de \u00e9xito din\u00e1micos al usuario. Aproximadamente en la l\u00ednea 273, el c\u00f3digo verifica si $_GET['msg'] es igual a 'success'. Si es verdadero, concatena directamente $_GET['sccs'] en un de alerta HTML y lo env\u00eda al navegador. Este problema ha sido solucionado en la versi\u00f3n 3.6.7."}], "id": "CVE-2026-33135", "lastModified": "2026-03-20T19:25:45.043", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.8, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-20T11:18:03.360", "references": [{"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/LabRedesCefetRJ/WeGIA/pull/1459"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.6.7"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-w5rv-5884-w94v"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-w5rv-5884-w94v"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.6.7)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "WeGIA", "source": "cna", "vendor": "LabRedesCefetRJ"}, "product": "wegia", "vendor": "labredescefetrj"}], "analysis": {"en": {"generated_at": "2026-03-20T20:22:17.190665+00:00", "value": {"mitigation_remediation": ["Update WeGIA to version\u202f3.6.7 or later, which includes the patch for the reflected XSS flaw.", "If an upgrade is not immediately possible, validate or encode the sccs parameter before rendering it in the alert to prevent script execution.", "Monitor web logs for URLs containing the sccs parameter and investigate any anomalous activity.", "Consider restricting access to the nuevo_memorandoo.php endpoint until a patch is applied."], "summary": {"action": "Apply Patch", "impact": "Reflected XSS"}, "threat_synthesis": {"affected_systems": "Commercially, this issue touches the LabRedesCefetRJ WeGIA web manager, specifically versions 3.6.6 and earlier. The affected component is the novo_memorandoo.php endpoint, which outputs success messages by echoing the sccs parameter into an HTML alert. All deployments of WeGIA running these versions are at risk until the patch is applied. The vulnerability is officially documented in the product\u2019s cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:* representation.", "description_and_impact": "Researchers identified a Reflected Cross\u2011Site Scripting (XSS) flaw in WeGIA\u2019s novo_memorandoo.php module. The flaw allows an attacker to embed arbitrary JavaScript code through the sccs GET parameter without any form of filtering or encoding. When a user accepts a crafted link, the malicious script runs in the victim\u2019s browser, potentially leading to defacement, credential theft, or session hijacking. The weakness originates from the direct concatenation of user input into an HTML alert element, corresponding to the Common Weakness Enumeration CWE\u201179.", "risk_and_exploitability": "The CVSS rating of 9.3 classifies the flaw as Critical, and the EPSS score of less than 1\u202f% indicates that exploitation is not yet widespread, though the vulnerability is not listed in the CISA KEV catalog. Attackers can exploit the flaw remotely by simply having a user browse a crafted URL containing malicious sccs content; no authentication is required. If successful, the payload executes with the victim\u2019s browser privileges, allowing attackers to steal session cookies or deface the interface."}}}}, "created": "2026-03-20T14:13:40.235194+00:00", "updated": "2026-03-25T14:29:30.334731+00:00", "vendors": ["labredescefetrj", "labredescefetrj$PRODUCT$wegia"]}