A vulnerability was found in damasac thaipalliative_lte up to 3.0 . It has been classified as problematic . Affected by this issue is some unknown functionality of the file /substudy/ezform.php of the component HTML Attribute Handler . Performing a manipulation of the argument idFormMain results in HTML injection. This vulnerability is cataloged as CVE-2026-38579 . It is possible to initiate the attack remotely. There is no exploit available.