CVE-2026-38579

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in damasac thaipalliative lte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter (line 24), the id parameter (lines 25, 75), and the ptid key parameter (lines 26, 42) in /substudy/ezform.php. User input is echoed into HTML attributes and JavaScript contexts without encoding.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-38579

Affected Products

Undefined

CVE-2026-38579

Related Identifiers

Affected Products

References · 3