CVE-2026-35399 — WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS vulnerability allows an attacker to inject malicious scripts through a backup filename. This could lead to unauthorized — CVE Database · The Intelligence Room