CVE-2026-23731

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-23731
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23731.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-23731
Aliases
  • GHSA-99qp-hjvh-c59q
Published
2026-01-16T19:50:16.344Z
Modified
2026-02-01T05:52:39.884407Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator
Summary
WeGIA Clickjacking Vulnerability
Details

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, The web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to framing protection. In particular, X-Frame-Options is missing andContent-Security-Policy with frame-ancestors directive is not configured. Because of this, an attacker can load any WeGIA page inside a malicious HTML document, overlay deceptive elements, hide real buttons, or force accidental interaction with sensitive workflows. This vulnerability is fixed in 3.6.2.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23731.json",
    "cwe_ids": [
        "CWE-1021"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/labredescefetrj/wegia

Affected ranges

Type
GIT
Repo
https://github.com/labredescefetrj/wegia
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
650e84448985b3fb44276b6def5544bd9478ee45

Affected versions

0.*
0.9.4-beta
3.*
3.3.0
3.3.1
3.3.2
3.3.3
3.4.0
3.4.1
3.4.10
3.4.11
3.4.12
3.4.2
3.4.3
3.4.4
3.4.5
3.4.6
3.4.7
3.4.8
3.4.9
3.5.0
3.5.1
3.5.2
3.5.3
3.5.4
3.5.5
3.6.0
3.6.1
v1.*
v1.0
v2.*
v2.0
v2.0-beta
v3.*
v3.0
v3.1
v3.2.0
v3.2.10
v3.2.11
v3.2.12
v3.2.13
v3.2.14
v3.2.15
v3.2.16
v3.2.17
v3.2.6
v3.2.7
v3.2.8
v3.2.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23731.json"