GHSA-jcmf-mmvx-3hgcMediumCVSS 6.1

Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in damasac thaipalliative_lte...

Published
June 5, 2026
Last Modified
June 9, 2026

🔗 CVE IDs covered (1)

📋 Description

Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in damasac thaipalliative_lte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter (line 24), the id parameter (lines 25, 75), and the ptid_key parameter (lines 26, 42) in /substudy/ezform.php. User input is echoed into HTML attributes and JavaScript contexts without encoding.

🔗 References (4)