{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T09:36:16.257","vulnerabilities":[{"cve":{"id":"CVE-2026-23731","sourceIdentifier":"security-advisories@github.com","published":"2026-01-16T20:15:51.327","lastModified":"2026-01-30T18:30:32.513","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"WeGIA is a web manager for charitable institutions. Prior to 3.6.2, the web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to framing protection. In particular, X-Frame-Options is missing and Content-Security-Policy with the frame-ancestors directive is not configured. Because of this, an attacker can load any WeGIA page inside a malicious HTML document, overlay deceptive elements, hide real buttons, or force accidental interaction with sensitive workflows. This vulnerability is fixed in 3.6.2."},{"lang":"es","value":"WeGIA es un gestor web para instituciones benéficas. Anterior a 3.6.2, la aplicación web es vulnerable a ataques de clickjacking. La aplicación WeGIA no envía ningún encabezado HTTP defensivo relacionado con la protección contra el encuadre. En particular, falta X-Frame-Options y Content-Security-Policy con la directiva frame-ancestors no está configurado. Debido a esto, un atacante puede cargar cualquier página de WeGIA dentro de un documento HTML malicioso, superponer elementos engañosos, ocultar botones reales o forzar la interacción accidental con flujos de trabajo sensibles. \nEsta vulnerabilidad está corregida en 3.6.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-1021"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wegia:wegia:*:*:*:*:*:*:*:*","versionEndExcluding":"3.6.2","matchCriteriaId":"419B3A85-5754-4198-A73E-92A9DA8E7A68"}]}]}],"references":[{"url":"https://github.com/LabRedesCefetRJ/WeGIA/pull/1333","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/LabRedesCefetRJ/WeGIA/releases/tag/3.6.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-99qp-hjvh-c59q","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]}]}}]}