Labredescefetrj - Wegia - CRITICAL - CVE-2026-33136. The WeGIA web manager for charitable organizations is vulnerable to reflected cross-site scripting (XSS) due to improper handling of user input in the listar_memorandos_ativos.php endpoint. Specifically, the vulnerability occurs when an attacker crafts a malicious request that includes arbitrary JavaScript or HTML tags within the sccd GET parameter. When this parameter is echoed back into the HTML response without appropriate sanitization or encoding, it allows the attacker to execute scripts in the context of the user's session. This flaw is present in versions 3.6.6 and earlier, and it has been addressed in version 3.6.7.