PT-2026-45724 · Unknown · Wirtualna Uczelnia

CVE-2026-34907

·

Published

2026-06-02

·

Updated

2026-06-02

CVSS v4.0

5.1

Medium

VectorAV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions Wirtualna Uczelnia versions prior to wu#2016.437.295#0#20260327 105545
Description Reflected Cross-Site Scripting (XSS) occurs due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL containing JavaScript within the locale parameter; when a victim opens this link, the injected script executes in their browser.
Recommendations Update to a version newer than wu#2016.437.295#0#20260327 105545. Avoid using the locale parameter in affected endpoints until the update is applied.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-34907

Affected Products

Wirtualna Uczelnia