Back to search
CVE-2026-34907
Published: Jun 2, 2026
Modified: Jun 2, 2026
PUBLISHED
Description
Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting (XSS) due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScript embedded in the locale parameter and send it to a victim. When the victim opens the link, the injected script will be executed in their browser. This issue affects Wirtualna Uczelnia versions up to wu#2016.437.295#0#20260327_105545
| Vendor | Product | Versions |
|---|---|---|
Simple SA | Wirtualna Uczelnia | affected 0 - <= wu#2016.437.295#0#20260327_105545 |
Weaknesses (CWE)
References
https://cert.pl/posts/2026/06/CVE-2026-34906
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now