Simple Sa Wirtualna Uczelnia vulnerabilities
3 known vulnerabilities affecting simple_sa/wirtualna_uczelnia.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2026-34906P2CRITICALCVSS 9.3≤ wu#2016.437.295#0#20260327_1055452026-06-02
CVE-2026-34906 [CRITICAL] CWE-1336 CVE-2026-34906: Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to pe
Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpoint redirectToUrl and parameter redirectUrlParameter, insufficient input validation permits injection of arbitrary template expressions that are executed on the server. Successful exploitation can allo
nvd
CVE-2025-12140P3CRITICALCVSS 9.3fixed in wu#2016.1.5513#0#20251014_1133532025-11-27
CVE-2025-12140 [CRITICAL] CWE-95 CVE-2025-12140: The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value
The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated attacer to perform arbitrary code execution.
This issue was fixed in version wu#2016.1.5513#0#202510
nvd
CVE-2026-34907P4MEDIUMCVSS 5.1≤ wu#2016.437.295#0#20260327_1055452026-06-02
CVE-2026-34907 [MEDIUM] CWE-79 CVE-2026-34907: Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting (XSS) due to insecure handling of
Wirtualna Uczelnia is vulnerable to Reflected Cross‑Site Scripting (XSS) due to insecure handling of the locale parameter across multiple endpoints. An attacker can craft a malicious URL with JavaScript embedded in the locale parameter and send it to a victim. When the victim opens the link, the injected script will be executed in their browser.
Th
nvd