NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-34907

Summary	Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting (XSS) due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScript embedded in the locale parameter and send it to a victim. When the victim opens the link, the injected script will be executed in their browser. This issue affects Wirtualna Uczelnia versions up to wu#2016.437.295#0#20260327_105545
Publication Date	June 2, 2026, 7:16 p.m.
Registration Date	June 3, 2026, 4:17 a.m.
Last Update	June 2, 2026, 10:54 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://cert.pl/posts/2026/06/CVE-2026-34906	cvd@cert.pl
2	https://simple.com.pl/branze/edukacyjna/	cvd@cert.pl

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html