{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-40286/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-40286"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["xss","web-application","cve-2026-40286"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eWeGIA, a web manager for charitable institutions, is vulnerable to Stored Cross-Site Scripting (XSS) in versions prior to 3.6.10. The vulnerability, identified as CVE-2026-40286, resides in the \u0026lsquo;Member Registration\u0026rsquo; function, specifically the \u0026lsquo;Member Name\u0026rsquo; field. Attackers can inject malicious JavaScript code into this field. Because input is not properly validated and sanitized, the injected script is then stored in the application database.  Any user accessing the profile containing the malicious script will have the script executed in their browser.  This can lead to session hijacking, credential theft, or defacement. WeGIA version 3.6.10 addresses this vulnerability by implementing proper input sanitization. This vulnerability was reported on April 17, 2026.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable WeGIA instance running a version prior to 3.6.10.\u003c/li\u003e\n\u003cli\u003eThe attacker accesses the \u0026lsquo;Member Registration\u0026rsquo; (Cadastrar Sócio) page.\u003c/li\u003e\n\u003cli\u003eIn the \u0026lsquo;Member Name\u0026rsquo; (Nome Sócio) field, the attacker injects a malicious JavaScript payload (e.g., \u003ccode\u003e\u0026lt;script\u0026gt;alert(\u0026quot;XSS\u0026quot;);\u0026lt;/script\u0026gt;\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker submits the registration form.\u003c/li\u003e\n\u003cli\u003eThe WeGIA application stores the malicious payload in the database without proper sanitization.\u003c/li\u003e\n\u003cli\u003eA legitimate user navigates to a page displaying the compromised \u0026lsquo;Member Name\u0026rsquo; field, such as a member profile page.\u003c/li\u003e\n\u003cli\u003eThe malicious JavaScript code is executed within the user\u0026rsquo;s browser.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves their objective, such as stealing cookies or redirecting the user to a malicious website.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this XSS vulnerability could lead to a range of consequences, including account compromise, data theft, and website defacement. An attacker could steal session cookies and impersonate legitimate users, gaining unauthorized access to sensitive information.  Due to the vulnerability residing in a web application, impact is limited to the users of the application, potentially exposing sensitive information and allowing threat actors the ability to modify the application.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade WeGIA installations to version 3.6.10 or later to remediate CVE-2026-40286.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization on all user-supplied data, especially in the \u0026lsquo;Member Name\u0026rsquo; field, to prevent XSS attacks.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003etitle: \u0026quot;Detect WeGIA XSS Attempt via HTTP Request\u0026quot;\u003c/code\u003e to detect potential XSS payloads in HTTP requests.\u003c/li\u003e\n\u003cli\u003eEnable web server logging and monitor for suspicious activity, such as unusual characters or script tags in HTTP request parameters, to identify potential XSS attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-17T21:16:34Z","date_published":"2026-04-17T21:16:34Z","id":"/briefs/2026-04-wegia-xss/","summary":"A stored Cross-Site Scripting (XSS) vulnerability exists in WeGIA versions prior to 3.6.10, allowing attackers to inject malicious scripts into the 'Member Name' field during member registration, leading to persistent execution upon user access.","title":"WeGIA Stored Cross-Site Scripting Vulnerability (CVE-2026-40286)","url":"https://feed.craftedsignal.io/briefs/2026-04-wegia-xss/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-40286","version":"https://jsonfeed.org/version/1.1"}