CVE-2026-4835
⚪ For information
Script injection in Accounting System allows a remote XSS attack.
CVSS
3.5
EPSS
0.0%
Exploit
none
Vendor
Source description (NVD)
A security vulnerability has been detected in code-projects Accounting System 1.0. Impacted is an unknown function of the file /my_account/add_costumer.php of the component Web Application Interface. Such manipulation of the argument costumer_name leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
xss
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 3.5 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploit probability) | 0.0% |
| Published (NVD) | 2026-03-26 03:16:04 UTC |
| Last modified (NVD) | 2026-04-24 16:35:20 UTC |
References
- https://code-projects.org/ (cna@vuldb.com)
- https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Accounting%20System%20in%20PHP%201.0%20-%20Stored%20Cross-Site%20Scripting%20(XSS)%20in%20costumer_name%20Parameter.md (cna@vuldb.com)
- https://vuldb.com/?ctiid.353139 (cna@vuldb.com)
- https://vuldb.com/?id.353139 (cna@vuldb.com)
- https://vuldb.com/?submit.775859 (cna@vuldb.com)