Nixpkgs security tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2026-35399

created 1 month, 2 weeks ago Activity log

Created suggestion 1 month, 2 weeks ago

WeGIA has Stored XSS in backup file names

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS vulnerability allows an attacker to inject malicious scripts through a backup filename. This could lead to unauthorized execution of malicious code in the victim's browser, compromising session data or executing actions on behalf of the user. This vulnerability is fixed in 3.6.9.

References

https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-fmwv-62wf-2hgx x_refsource_CONFIRM

Affected products

WeGIA

==< 3.6.9

Matching in nixpkgs

pkgs.perlPackages.SnowballNorwegian

Porters stemming algorithm for norwegian

nixos-unstable 1.2
- nixpkgs-unstable 1.2
- nixos-unstable-small 1.2
nixos-25.11 1.2
- nixos-25.11-small 1.2
- nixpkgs-25.11-darwin 1.2

pkgs.perl5Packages.SnowballNorwegian

Porters stemming algorithm for norwegian

nixos-unstable 1.2
- nixpkgs-unstable 1.2
- nixos-unstable-small 1.2

pkgs.perl538Packages.SnowballNorwegian

Porters stemming algorithm for norwegian

nixos-25.11 1.2
- nixos-25.11-small 1.2
- nixpkgs-25.11-darwin 1.2

pkgs.perl540Packages.SnowballNorwegian

Porters stemming algorithm for norwegian

nixos-25.11 1.2
- nixos-25.11-small 1.2
- nixpkgs-25.11-darwin 1.2