{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-38579", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-06-05T14:36:43.189Z", "dateReserved": "2026-04-06T00:00:00.000Z", "datePublished": "2026-06-05T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-06-05T14:36:43.189Z"}, "descriptions": [{"lang": "en", "value": "Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in damasac thaipalliative_lte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter (line 24), the id parameter (lines 25, 75), and the ptid_key parameter (lines 26, 42) in /substudy/ezform.php. User input is echoed into HTML attributes and JavaScript contexts without encoding."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/damasac/thaipalliative_lte/blob/57b57630fb403eba524533062ef5244e9b7c4380/substudy/ezform.php#L14"}, {"url": "https://github.com/theemperorspath/advisories/blob/main/2026/CVE-2026-38579.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in damasac thaipalliative_lte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter (line 24), the id parameter (lines 25, 75), and the ptid_key parameter (lines 26, 42) in /substudy/ezform.php. User input is echoed into HTML attributes and JavaScript contexts without encoding."}], "id": "CVE-2026-38579", "lastModified": "2026-06-05T16:04:48.437", "metrics": {}, "published": "2026-06-05T15:16:52.850", "references": [{"source": "cve@mitre.org", "url": "https://github.com/damasac/thaipalliative_lte/blob/57b57630fb403eba524533062ef5244e9b7c4380/substudy/ezform.php#L14"}, {"source": "cve@mitre.org", "url": "https://github.com/theemperorspath/advisories/blob/main/2026/CVE-2026-38579.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred"}

{}

{"created": "2026-06-05T16:00:11.996256+00:00", "title": "Reflected XSS in damasac thaipalliative_lte ezform.php via idFormMain, id, and ptid_key Parameters", "updated": "2026-06-05T16:00:11.996272+00:00", "vendors": [], "weaknesses": ["CWE-79"]}