CVE-2026-23722 is a reflected Cross-Site Scripting (XSS) vulnerability identified in the WeGIA web management system developed by LabRedesCefetRJ, specifically affecting versions prior to 3.6.2. The vulnerability resides in the html/memorando/insere_despacho.php file, where the application fails to properly neutralize user-supplied input passed via the id_memorando GET parameter. This input is directly reflected into the HTML response without adequate sanitization or encoding, likely within a script block or an HTML attribute context. As a result, an unauthenticated attacker can craft a malicious URL containing JavaScript payloads that execute in the victim’s browser when the URL is accessed. This can lead to session hijacking, credential theft, unauthorized actions on behalf of the user, or distribution of malware. The vulnerability has a CVSS v3.1 base score of 9.1, reflecting its critical nature due to network exploitability (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction needed (UI:N), and high impact on confidentiality and integrity (C:H/I:H). Although no public exploits have been reported yet, the ease of exploitation and severity make it a high-risk issue. The vendor has addressed the vulnerability in WeGIA version 3.6.2 by implementing proper input validation and output encoding. Organizations running earlier versions remain vulnerable until patched.

For European organizations using WeGIA, this vulnerability poses a significant threat to the confidentiality and integrity of sensitive data managed within the platform, including potentially sensitive information related to charitable activities. Successful exploitation could allow attackers to hijack user sessions, steal credentials, manipulate displayed content, or perform unauthorized actions under the guise of legitimate users. This could lead to reputational damage, data breaches, and regulatory non-compliance, especially under GDPR requirements for protecting personal data. Since WeGIA is used by charitable institutions, exploitation could disrupt critical social services or donor relations. The lack of required authentication and user interaction increases the risk of widespread exploitation if attackers target these organizations. Additionally, the reflected XSS could be used as a vector to deliver further malware or phishing attacks against users. The impact is heightened in environments where WeGIA is integrated with other internal systems or where users have elevated privileges.

1. Immediately upgrade all WeGIA installations to version 3.6.2 or later, where the vulnerability is patched. 2. Implement strict input validation and output encoding on all user-supplied data, especially parameters reflected in HTML or script contexts. 3. Deploy a robust Content Security Policy (CSP) to restrict the execution of unauthorized scripts and reduce the impact of potential XSS payloads. 4. Conduct regular security audits and code reviews focusing on input handling and output encoding practices. 5. Educate users and administrators about the risks of clicking on suspicious links and encourage the use of security tools such as browser extensions that can detect and block XSS attempts. 6. Monitor web server logs for unusual or suspicious GET requests targeting the id_memorando parameter or similar vectors. 7. Consider implementing Web Application Firewalls (WAFs) with rules designed to detect and block reflected XSS attacks targeting WeGIA. 8. Ensure that session management mechanisms use secure, HttpOnly, and SameSite cookies to mitigate session hijacking risks.