Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
Omega-PSIR: Malicious URLs Can Execute Arbitrary JavaScript
CVE-2026-1434
Summary
The Omega-PSIR application is vulnerable to a security threat that allows hackers to execute malicious code on users' browsers. This can happen when a user clicks on a specially crafted link. To fix this, update to version 4.6.7 or later.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| pw | omega-psir | > 4.5.9 , <= 4.6.7 | – |
Original title
Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim’s browser.
This issu...
Original description
Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim’s browser.
This issue was fixed in 4.6.7.
This issue was fixed in 4.6.7.
nvd CVSS3.1
6.1
nvd CVSS4.0
5.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
- https://cert.pl/posts/2026/02/CVE-2026-1434 Third Party Advisory
- https://www.omegapsir.io/ Product
Published: 27 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026