CVE-2026-23724 identifies a stored Cross-Site Scripting (XSS) vulnerability in the WeGIA web management system developed by LabRedesCefetRJ, specifically affecting versions prior to 3.6.2. The vulnerability resides in the html/atendido/cadastro_ocorrencia.php endpoint, where user-supplied data is incorporated into the “Atendido” dropdown selection without proper sanitization or encoding. This improper neutralization of input (CWE-79) enables an attacker with low privileges to inject malicious JavaScript code that is stored on the server and executed in the browsers of users who access the affected page. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) indicates that the attack can be performed remotely over the network, requires low attack complexity, and only low privileges, but no user interaction is needed. The impact is limited to confidentiality, as the injected script could steal session cookies or other sensitive information, but does not affect integrity or availability. Although no exploits have been observed in the wild, the vulnerability poses a risk to organizations relying on WeGIA for managing charitable institution data. The issue is resolved in WeGIA version 3.6.2 by properly sanitizing user inputs before rendering them in the dropdown. Given the nature of stored XSS, successful exploitation could facilitate further attacks such as session hijacking or phishing within the application context.

For European organizations using WeGIA, this vulnerability could lead to unauthorized disclosure of sensitive information, such as session tokens or personal data of users interacting with the application. Since WeGIA is used by charitable institutions, exploitation could undermine trust and potentially expose donor or beneficiary information. The medium severity rating reflects that while the vulnerability does not directly impact system integrity or availability, it can be leveraged for further attacks that compromise confidentiality. The requirement of low privileges means that even less-privileged insiders or compromised accounts could exploit the flaw, increasing risk. Organizations failing to update to version 3.6.2 may face reputational damage and regulatory consequences under GDPR if personal data is exposed. The lack of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as stored XSS vulnerabilities are commonly targeted once disclosed.

European organizations should immediately upgrade WeGIA installations to version 3.6.2 or later to apply the official patch that sanitizes user inputs in the affected endpoint. In addition to patching, implement strict input validation and output encoding on all user-supplied data to prevent injection of malicious scripts. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. Regularly audit and monitor web application logs for unusual input patterns or script injection attempts. Educate users and administrators about the risks of XSS and encourage reporting of suspicious behavior. If patching is delayed, consider applying web application firewall (WAF) rules to detect and block typical XSS payloads targeting the vulnerable endpoint. Finally, review user privileges to minimize the number of accounts with the ability to submit data to the vulnerable field, reducing the attack surface.