CVE-2026-4596
⚪ Do wiadomości
Wstrzyknięcie skryptów w Lawyer Management System umożliwia atak XSS zdalnie.
CVSS
3.5
EPSS
0.0%
Exploit
poc
Vendor
projectworlds
Opis źródłowy (NVD)
A vulnerability was identified in projectworlds Lawyer Management System 1.0. This issue affects some unknown processing of the file /lawyers.php. The manipulation of the argument first_Name leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used.
exploit xss
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 3.5 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 0.0% |
| Opublikowano (NVD) | 2026-03-23 20:16:27 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-10 20:35:02 UTC |
Referencje
- https://github.com/eqiya17/collection-of-vulnerability/issues/1 (cna@vuldb.com) [Exploit, Issue Tracking, Mitigation]
- https://vuldb.com/?ctiid.352434 (cna@vuldb.com) [Permissions Required, VDB Entry]
- https://vuldb.com/?id.352434 (cna@vuldb.com) [Third Party Advisory, VDB Entry]
- https://vuldb.com/?submit.775634 (cna@vuldb.com) [Third Party Advisory, VDB Entry]