Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim’s browser. This issue was fixed in 4.6.7.CreditsŁukasz RybakReferenceshttps://cert.pl/posts/2026/02/CVE-2026-1434https://www.omegapsir.io/
