Vulners
Lucene search
đ Omega-PSIR Cross Site Scripting
đď¸Â 13 Apr 2026 00:00:00Reported by Ĺukasz RybakType 
 packetstormđ packetstorm.newsđ 62 Views
| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
 | Exploit for Cross-site Scripting in Pw Omega-Psir | 11 Apr 202619:15 | â | githubexploit |
 | CVE-2026-1434 | 27 Feb 202610:32 | â | attackerkb |
 | CVE-2026-1434 | 26 Feb 202611:55 | â | circl |
 | Omega-PSIR 表çŤčćŹćźć´ | 27 Feb 202600:00 | â | cnnvd |
 | CVE-2026-1434 | 27 Feb 202610:32 | â | cve |
 | CVE-2026-1434 Reflected XSS in Omega-PSIR | 27 Feb 202610:32 | â | cvelist |
 | EUVD-2026-9021 | 27 Feb 202612:31 | â | euvd |
 | CVE-2026-1434 | 27 Feb 202611:16 | â | nvd |
 | CVE-2026-1434 | 27 Feb 202611:16 | â | osv |
 | PT-2026-22330 | 27 Feb 202600:00 | â | ptsecurity |
10
# CVE-2026-1434: Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a...
## Overview
| Field | Details |
|---|---|
| **CVE ID** | [CVE-2026-1434](https://nvd.nist.gov/vuln/detail/CVE-2026-1434) |
| **Severity** | MEDIUM |
| **Advisory** | N/A |
| **Discovered by** | [Lukasz Rybak](https://github.com/lukasz-rybak) |
## Affected Products
See advisory for details.
## CWE Classification
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
## Details
Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victimâs browser.
This issue was fixed in 4.6.7.
## References
- https://nvd.nist.gov/vuln/detail/CVE-2026-1434
- https://cert.pl/posts/2026/02/CVE-2026-1434
- https://www.omegapsir.io
- https://github.com/advisories/GHSA-74gw-c73g-6fq2
## Disclaimer
This CVE was responsibly disclosed following coordinated vulnerability disclosure practices. The information provided here is for educational and defensive purposes only.Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
13 Apr 2026 00:00Current
5.2Medium risk
Vulners AI Score5.2
CVSS 3.16.1
CVSS 45.1
EPSS0.00158
SSVC