CVE-2026-23722 — AI Deep Analysis Summary

🚨 **Essence**: Reflected XSS in WeGIA. 📉 **Consequences**: Attackers inject malicious scripts via the `id_memorando` GET parameter. Victims execute code in their browser, leading to session hijacking or data theft.

🛡️ **Root Cause**: CWE-79 (Improper Neutralization of Input). 🐛 **Flaw**: The file `html/memorando/insere_despacho.php` fails to sanitize/encode user input from the `id_memorando` parameter before rendering it in HTML.

🏢 **Vendor**: LabRedesCefetRJ (Nilson Lazarin). 📦 **Product**: WeGIA (Welfare Institution Network Manager). ⚠️ **Affected**: Versions **prior to 3.6.2**.

💻 **Privileges**: No authentication required (PR:N). 🕵️ **Data**: High impact on Confidentiality & Integrity (C:H, I:H). Hackers can steal cookies, redirect users, or deface pages via reflected script execution.

🔓 **Threshold**: LOW. 🌐 **Config**: Network Accessible (AV:N). No Privileges Required (PR:N). No User Interaction Required (UI:N). It is a trivial, remote exploit.

📜 **Public Exp**: No specific PoC code provided in data. 🔍 **Status**: Advisory confirmed via GitHub Security Advisory (GHSA-g7hh-6qj7-mcqf). Exploitation logic is straightforward given the reflection nature.

🔍 **Self-Check**: Scan for `id_memorando` parameter in `insere_despacho.php`. 🧪 **Test**: Inject `<script>alert(1)</script>` into the GET request. If reflected/executed, the system is vulnerable.

🔧 **Fix**: Upgrade to **WeGIA version 3.6.2** or later. 📥 **Source**: Official GitHub repository advisory confirms the patch exists in the newer release.

🚧 **Workaround**: If patching is delayed, implement strict input validation on the server side. 🛡️ **Mitigation**: Encode all output related to `id_memorando` using HTML entity encoding before rendering.

🔥 **Urgency**: HIGH. 🚨 **Priority**: CVSS 3.1 Score indicates Critical impact (C:H, I:H). Immediate patching is recommended due to zero-auth requirement and high severity.