CVE-2026-23724 is a stored Cross-Site Scripting (XSS) vulnerability identified in the WeGIA web management system developed by LabRedesCefetRJ, targeting charitable institutions. The flaw resides in the html/atendido/cadastro_ocorrencia.php endpoint, where user-supplied data is incorporated into the “Atendido” selection dropdown without proper sanitization or encoding. This improper neutralization of input (CWE-79) allows attackers to inject malicious JavaScript code that is stored on the server and executed in the browsers of users who access the affected page. The vulnerability requires an attacker to have network access and low privileges (PR:L) but does not require user interaction (UI:N), making it easier to exploit in automated or targeted attacks. The impact primarily affects confidentiality, as attackers could steal session cookies or other sensitive information accessible via the browser context. The vulnerability does not affect integrity or availability directly. The issue was fixed in WeGIA version 3.6.2 by properly sanitizing user input before rendering it in the dropdown. No known exploits are currently reported in the wild, but the presence of stored XSS in a web management tool used by charitable organizations poses a risk of targeted attacks or phishing campaigns leveraging the trusted platform. The CVSS score of 4.3 reflects a medium severity, considering the ease of exploitation and limited impact scope.

For European organizations using WeGIA, particularly those managing charitable or social service operations, this vulnerability could lead to unauthorized disclosure of sensitive information such as session tokens or personal data through malicious script execution in users' browsers. This could facilitate further attacks like account hijacking or phishing. While the vulnerability does not directly compromise system integrity or availability, the confidentiality breach can undermine trust in the platform and lead to reputational damage. Given the nature of WeGIA’s user base, exploitation could also impact vulnerable populations served by these institutions. The risk is heightened in environments where multiple users access the application and where security awareness may be limited. Additionally, the lack of required user interaction means that exploitation can occur silently, increasing the threat to European entities relying on this software.

The primary mitigation is to upgrade all WeGIA instances to version 3.6.2 or later, where the vulnerability is patched. Organizations should also implement strict input validation and output encoding on all user-supplied data, especially in dropdowns and form fields, to prevent injection of malicious scripts. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. Conduct regular security audits and penetration testing focusing on web application input handling. Monitor logs and user activity for unusual behavior related to the vulnerable endpoint. Educate users about the risks of XSS and encourage cautious handling of unexpected content. If immediate patching is not feasible, consider applying web application firewall (WAF) rules to detect and block suspicious payloads targeting the affected parameter. Finally, maintain an incident response plan to quickly address any exploitation attempts.