Cross-site scripting in WeGIA - CVE-2026-23725

 

Published: April 23, 2026


Vulnerability identifier: #VU127316
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23725
CWE-ID: CWE-79
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: LabReDeS
Affected software:
WeGIA

Detailed vulnerability description

The vulnerability allows a remote user to execute arbitrary JavaScript in the victim's browser.

The vulnerability exists due to cross-site scripting in the Adopters Information table in html/pet/adotantes/informacao_adotantes.php when rendering adopter records containing user-controlled nome input. A remote user can save a specially crafted adopter name to execute arbitrary JavaScript in the victim's browser.

The injected payload is stored and executes automatically when the Adopters Information page is loaded.
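
The class of fix for the rendering flaw described above, shown as an added example that is neither WeGIA source code nor the vendor's patch: every stored field is HTML-encoded at output time, and, because the payload is stored, existing records are flagged for review. Only the field name nome comes from this advisory; the id field, the function names and the sample records are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not WeGIA source code or the vendor's patch.
// Only the field name `nome` comes from the advisory; `id` and all function names are assumed.

/** Encode a value for an HTML text or quoted-attribute context. */
function escHtml(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the table rows, encoding every stored field at output time. */
function renderAdopterRows(array $adopters): string
{
    $html = '';
    foreach ($adopters as $a) {
        $html .= '<tr><td>' . escHtml((string) $a['id']) . '</td>'
               . '<td>' . escHtml($a['nome']) . "</td></tr>\n";
    }
    return $html;
}

/**
 * Triage heuristic: ids of records whose nome contains angle brackets.
 * Personal names do not normally contain them, so hits deserve manual review.
 */
function flagSuspectNames(array $adopters): array
{
    $flagged = [];
    foreach ($adopters as $a) {
        if (preg_match('/[<>]/', (string) $a['nome']) === 1) {
            $flagged[] = $a['id'];
        }
    }
    return $flagged;
}

// Constructed sample records: one ordinary name, one containing markup.
$adopters = [
    ['id' => 1, 'nome' => "Maria D'Ávila"],
    ['id' => 2, 'nome' => '<b>constructed markup</b>'],
];

echo renderAdopterRows($adopters);    // rows with every field encoded
print_r(flagSuspectNames($adopters)); // ids queued for manual review
```

Encoding at output keeps legitimate names with apostrophes or ampersands intact while rendering any stored markup as inert text.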


How to mitigate CVE-2026-23725

Install the security update from the vendor's website.
