Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 09 Jun 2026 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Reflected XSS in damasac thaipalliative_lte ezform.php via idFormMain, id, and ptid_key Parameters |
Tue, 09 Jun 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Sun, 07 Jun 2026 11:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Damasac
Damasac thaipalliative Lte |
|
| Vendors & Products |
Damasac
Damasac thaipalliative Lte |
Fri, 05 Jun 2026 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Reflected XSS in damasac thaipalliative_lte ezform.php via idFormMain, id, and ptid_key Parameters | |
| Weaknesses | CWE-79 |
Fri, 05 Jun 2026 14:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in damasac thaipalliative_lte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter (line 24), the id parameter (lines 25, 75), and the ptid_key parameter (lines 26, 42) in /substudy/ezform.php. User input is echoed into HTML attributes and JavaScript contexts without encoding. | |
| References |
|
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-06-09T13:21:04.473Z
Reserved: 2026-04-06T00:00:00.000Z
Link: CVE-2026-38579
Updated: 2026-06-09T13:20:55.456Z
Status : Deferred
Published: 2026-06-05T15:16:52.850
Modified: 2026-06-09T14:16:38.647
Link: CVE-2026-38579
No data.
OpenCVE Enrichment
Updated: 2026-06-09T16:00:06Z