CVE-2026-34907

UNKNOWN 0.0

Reflected Cross-Site Scripting (XSS) in Wirtualna Uczelnia

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting (XSS) due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScript embedded in the locale parameter and send it to a victim. When the victim opens the link, the injected script will be executed in their browser. This issue affects Wirtualna Uczelnia versions up to wu#2016.437.295#0#20260327_105545

CWE	CWE-79
Vendor	simple sa
Product	wirtualna uczelnia
Published	Jun 2, 2026
Last Updated	Jun 2, 2026

Stay Ahead of the Next One

Get instant alerts for simple sa wirtualna uczelnia

Be the first to know when new unknown vulnerabilities affecting simple sa wirtualna uczelnia are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Simple SA / Wirtualna Uczelnia

0 ≤ wu#2016.437.295#0#20260327_105545

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cert.pl: https://cert.pl/posts/2026/06/CVE-2026-34906 simple.com.pl: https://simple.com.pl/branze/edukacyjna/

Credits

Dawid Małecki - VIPentest