CVE-2026-33135 - Vulnerability Analysis
Critical | CVSS: 9.3 | Last Updated: March 20, 2026
WeGIA - Reflected XSS
Overview
WeGIA versions 3.6.6 and below contain a reflected XSS vulnerability: the "sccs" GET parameter in novo_memorandoo.php is injected into the response without sanitization, letting attackers inject arbitrary JavaScript. Exploitation requires a crafted HTTP request.
Impact
Attackers can execute arbitrary JavaScript in users' browsers, leading to session hijacking or phishing attacks.
Mitigation
Upgrade to version 3.6.7 or later.
Social Media Activity (1 post)
CVE-2026-33135 - Critical (9.3) WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the novo_memorandoo.php endpoint. An attacker can inject arbitrary JavaScript into the sccs GET parameter, wh... https://www.thehackerwire.com/vulnerability/CVE-2026-33135/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-33135
- Severity: Critical
- CVSS Score: 9.3
- Type: reflected_xss
- Status: confirmed
- EPSS: 2.8%
- Social Posts: 1
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N