Share
## https://sploitus.com/exploit?id=PACKETSTORM:218771
# CVE-2026-1434: Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a...
    
    ## Overview
    
    | Field | Details |
    |---|---|
    | **CVE ID** | [CVE-2026-1434](https://nvd.nist.gov/vuln/detail/CVE-2026-1434) |
    | **Severity** | MEDIUM |
    | **Advisory** | N/A |
    | **Discovered by** | [Lukasz Rybak](https://github.com/lukasz-rybak) |
    
    ## Affected Products
    
    See advisory for details.
    
    ## CWE Classification
    
    - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    
    ## Details
    
    Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim’s browser.
    
    This issue was fixed in 4.6.7.
    
    ## References
    
    - https://nvd.nist.gov/vuln/detail/CVE-2026-1434
    - https://cert.pl/posts/2026/02/CVE-2026-1434
    - https://www.omegapsir.io
    - https://github.com/advisories/GHSA-74gw-c73g-6fq2
    
    
    ## Disclaimer
    
    This CVE was responsibly disclosed following coordinated vulnerability disclosure practices. The information provided here is for educational and defensive purposes only.