Reflected Cross-Site Scripting in Wirtualna Uczelnia by Simple
CVE-2026-34907

5.1MEDIUM

Key Information:

Vendor: Simple Sa
Status: Wirtualna Uczelnia
Vendor: CVE Published:; 2 June 2026

What is CVE-2026-34907?

Wirtualna Uczelnia exhibits a vulnerability that allows for Reflected Cross-Site Scripting (XSS) due to the insecure handling of the 'locale' parameter across several endpoints. An attacker can exploit this vulnerability by crafting a malicious URL embedded with JavaScript within the locale parameter. When a user clicks the link, the browser executes the injected script, potentially compromising the user's session and allowing further exploitation.

Affected Version(s)

Wirtualna Uczelnia 0

References

https://cert.pl/posts/2026/06/CVE-2026-34906

third-party-advisory

https://simple.com.pl/branze/edukacyjna/

product

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2026
Vulnerability Reserved
Mar 31, 2026

Credit

Dawid Małecki - VIPentest

CVE-2026-34907 Data

JSON

Simple Sa

What is CVE-2026-34907?

Affected Version(s)

References

CVSS V4

Timeline

Credit