CVE-2026-38579 in thaipalliative_lteinfo

Summary

by MITRE • 06/05/2026

Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in damasac thaipalliative_lte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter (line 24), the id parameter (lines 25, 75), and the ptid_key parameter (lines 26, 42) in /substudy/ezform.php. User input is echoed into HTML attributes and JavaScript contexts without encoding.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

MITRE

Reservation

04/06/2026

Disclosure

06/05/2026

Moderation

accepted

Entry

VDB-368920

CPE

ready

CWE

CWE-79 (confirmed)

CVSS

4.3 (VulDB)

EPSS

0.00000

KEV

Activities

low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-38579
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-38579
CVE Details	https://www.cvedetails.com/cve/CVE-2026-38579/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!