CVE-2026-34907— Reflected Cross-Site Scripting (XSS) in Wirtualna Uczelnia

AI Predicted 6.1 Difficulty: Easy Updated Jun 02, 2026

Possible ATT&CK Techniques 2AI

T1059.007 · JavaScript T1189 · Drive-by Compromise

Updated Jun 02, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-34907

AIGC Shenlong Model
NVD (National Vulnerability Database)

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Reflected Cross-Site Scripting (XSS) in Wirtualna Uczelnia

Source: NVD (National Vulnerability Database)

Vulnerability Description

Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting (XSS) due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScript embedded in the locale parameter and send it to a victim. When the victim opens the link, the injected script will be executed in their browser. This issue affects Wirtualna Uczelnia versions up to wu#2016.437.295#0#20260327_105545

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Source: NVD (National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Simple SA	Wirtualna Uczelnia	0 ~ wu#2016.437.295#0#20260327_105545	-

II. Public POCs for CVE-2026-34907

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-34907

请登录查看更多情报信息。

Security Blog Posts for CVE-2026-34907 (1)

🔗 Podatności w oprogramowaniu Wirtualna Uczelnia | CERT Polskathird-party-advisory

Vendor Pages for CVE-2026-34907 (1)

🔗 Oprogramowanie dla uczelni wyższych – system ERP - Simpleproduct

https://nvd.nist.gov/vuln/detail/CVE-2026-34907

IV. Related Vulnerabilities

Same product: Wirtualna Uczelnia

Same vendor: Simple SA

Same weakness: CWE-79

V. Comments for CVE-2026-34907

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-34907— Reflected Cross-Site Scripting (XSS) in Wirtualna Uczelnia

Possible ATT&CK Techniques 2AI

I. Basic Information for CVE-2026-34907

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-34907

III. Intelligence Information for CVE-2026-34907

Security Blog Posts for CVE-2026-34907 (1)

Vendor Pages for CVE-2026-34907 (1)

IV. Related Vulnerabilities

V. Comments for CVE-2026-34907

Leave a comment