Skip to main content

Omega Psir CVE-2026-1434

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-02-27 cvd@cert.pl
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Feb 27, 2026 - 11:16 nvd
MEDIUM 6.1

DescriptionCVE.org

Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim’s browser.

This issue was fixed in 4.6.7.

AnalysisAI

Omega Psir contains a reflected cross-site scripting (XSS) vulnerability in the lang parameter that allows attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. The vulnerability affects unauthenticated users who click on attacker-controlled links, potentially enabling session hijacking, credential theft, or malware distribution. No patch is currently available for this MEDIUM severity flaw.

Technical ContextAI

Classified as CWE-79 (Cross-site Scripting (XSS)). Affects the lang component of Omega-Psir. Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim’s browser.

This issue was fixed in 4.6.7.

RemediationAI

Fixed in version 4.6.7.. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.

Share

CVE-2026-1434 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy