## https://sploitus.com/exploit?id=5A907AFA-12F4-5A01-8740-7146E6F96289
# CVE-2026-1434: Omega-PSIR is vulnerable to Reflected XSS via the lang parameter
## Overview
| Field | Details |
|---|---|
| **CVE ID** | CVE-2026-1434 |
| **Vulnerability Type** | Cross-Site Scripting (XSS) |
| **Severity** | MEDIUM |
| **Discovered by** | [Lukasz Rybak](https://github.com/lukasz-rybak) |
## Description
Omega-PSIR is vulnerable to Reflected XSS via the `lang` parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim’s browser.
This issue was fixed in version 4.6.7.
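
For operators reviewing logs from instances that ran a version before the fix, the following added example (not part of the advisory and not Omega-PSIR code) flags requests whose `lang` query value does not look like a language tag. The combined access-log format, the `/search` path and the idea that legitimate values are short tags such as `pl` or `en-US` are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: legitimate values are short language tags such as "pl" or "en-US".
LANG_TAG = re.compile(r"[A-Za-z]{2,3}(?:[-_][A-Za-z0-9]{2,8})?")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_lang_values(log_lines):
    """Return (line_number, decoded_value) for each lang value that is not a language tag."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if match is None:
            continue
        query = urlsplit(match.group(1)).query
        for name, value in parse_qsl(query):  # parse_qsl percent-decodes once
            if name.lower() != "lang":
                continue
            # Decode a second time so double-encoded values are judged in final form.
            decoded = unquote(value)
            if not LANG_TAG.fullmatch(decoded):
                hits.append((number, decoded))
    return hits


# Constructed sample entries; addresses and the /search path are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Feb/2026:10:00:01 +0000] "GET /search?lang=pl HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Feb/2026:10:00:05 +0000] "GET /search?q=test&lang=en-US HTTP/1.1" 200 4870',
    '198.51.100.7 - - [01/Feb/2026:10:01:12 +0000] "GET /search?lang=%22%3E%3Cscript%3E HTTP/1.1" 200 5133',
    '198.51.100.7 - - [01/Feb/2026:10:01:15 +0000] "GET /search?lang=%2522%253E%253Csvg HTTP/1.1" 200 5140',
    '192.0.2.10 - - [01/Feb/2026:10:02:00 +0000] "GET /static/app.css HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for number, value in suspicious_lang_values(SAMPLE_LOG):
        print(f"line {number}: unexpected lang value {value!r}")
```

A hit is a lead for review rather than proof of exploitation; adjust `LANG_TAG` to the set of language values your deployment actually uses.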
## Affected Products
See advisory for details.
## CWE Classification
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
## References
- https://nvd.nist.gov/vuln/detail/CVE-2026-1434
- https://cert.pl/posts/2026/02/CVE-2026-1434
- https://www.omegapsir.io
- https://github.com/advisories/GHSA-74gw-c73g-6fq2
## Disclaimer
This CVE was responsibly disclosed following coordinated vulnerability disclosure practices. The information provided here is for educational and defensive purposes only.