XSS in Simple Sa Wirtualna Uczelnia

CVE-2026-34907

Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting (XSS) due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScript embedded in the locale parameter and…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (15.0th percentile) — read the EPSS interpretation.

Affected products

Simple Sa Wirtualna Uczelnia — versions 0

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

cvd@cert.pl (third-party-advisory)
cvd@cert.pl (product)