VYPR
← All advisories
Medium severityNVD Advisory· Published Jun 2, 2026

CVE-2026-34907

CVE-2026-34907

Description

Wirtualna Uczelnia is vulnerable to Reflected XSS via the locale parameter, allowing attackers to execute JavaScript in victim browsers.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Wirtualna Uczelnia is vulnerable to Reflected XSS via the locale parameter, allowing attackers to execute JavaScript in victim browsers.

Vulnerability

Wirtualna Uczelnia is vulnerable to Reflected Cross-Site Scripting (XSS) due to the insecure handling of the locale parameter across multiple endpoints. This vulnerability affects all versions of Wirtualna Uczelnia up to and including wu#2016.437.295#0#20260327_105545 [2].

Exploitation

An attacker can craft a malicious URL containing JavaScript embedded within the locale parameter. By tricking a victim into clicking this URL, the attacker can trigger the execution of the injected script within the victim's browser context [2].

Impact

Successful exploitation of this vulnerability allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser. This can lead to session hijacking, credential theft, or redirection to malicious websites, compromising the user's interaction with the application [2].

Mitigation

This vulnerability affects Wirtualna Uczelnia versions up to wu#2016.437.295#0#20260327_105545. A patched version is not yet disclosed in the available references. Users are advised to consult vendor advisories for the latest information on fixes or workarounds [2].

References
  1. Podatności w oprogramowaniu Wirtualna Uczelnia

AI Insight generated on Jun 2, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

2

News mentions

0

No linked articles in our index yet.